[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Qemu-devel] [PATCH] 9pfs: fix potential segfault during walk
|
From: |
Greg Kurz |
|
Subject: |
[Qemu-devel] [PATCH] 9pfs: fix potential segfault during walk |
|
Date: |
Fri, 16 Sep 2016 01:05:11 +0200 |
|
User-agent: |
StGit/0.17.1-dirty |
If the call to fid_to_qid() returns an error, we will call v9fs_path_free()
on uninitialized paths.
Let's fix this by initializing dpath and path before calling fid_to_qid().
Signed-off-by: Greg Kurz <address@hidden>
---
Thanks Paolo (and Coverity) for spotting this.
Cc'ing stable as this is a regression introduced in 2.7. It is also present
in Michael's stable-2.6-staging branch.
hw/9pfs/9p.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/hw/9pfs/9p.c b/hw/9pfs/9p.c
index dfe293d11d1c..91a497079acb 100644
--- a/hw/9pfs/9p.c
+++ b/hw/9pfs/9p.c
@@ -1320,13 +1320,14 @@ static void v9fs_walk(void *opaque)
goto out_nofid;
}
+ v9fs_path_init(&dpath);
+ v9fs_path_init(&path);
+
err = fid_to_qid(pdu, fidp, &qid);
if (err < 0) {
goto out;
}
- v9fs_path_init(&dpath);
- v9fs_path_init(&path);
/*
* Both dpath and path initially poin to fidp.
* Needed to handle request with nwnames == 0
- [Qemu-devel] [PATCH] 9pfs: fix potential segfault during walk,
Greg Kurz <=