[Qemu-devel] [PULL 02/51] scsi: fix scsi_convert_sense crash when in_buf
From: Paolo Bonzini
Subject: [Qemu-devel] [PULL 02/51] scsi: fix scsi_convert_sense crash when in_buf == NULL && in_len == 0
Date: Tue, 16 Jan 2018 15:16:44 +0100
scsi_disk_emulate_command passes in_buf == NULL when sent a REQUEST
SENSE command. Check for in_len == 0 before dereferencing in_buf.
Fixes: f68d98b21fa74155dc7c1fd212474379ac3c7531
Reported-by: Roman Kagan <address@hidden>
Tested-by: Roman Kagan <address@hidden>
Signed-off-by: Paolo Bonzini <address@hidden>
---
scsi/utils.c | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/scsi/utils.c b/scsi/utils.c
index ddae650..8738522 100644
--- a/scsi/utils.c
+++ b/scsi/utils.c
@@ -322,18 +322,18 @@ int scsi_convert_sense(uint8_t *in_buf, int in_len,
SCSISense sense;
bool fixed_in;
+ if (in_len == 0) {
+ return scsi_build_sense_buf(buf, len, SENSE_CODE(NO_SENSE), fixed);
+ }
+
fixed_in = (in_buf[0] & 2) == 0;
- if (in_len && fixed == fixed_in) {
+ if (fixed == fixed_in) {
memcpy(buf, in_buf, MIN(len, in_len));
return MIN(len, in_len);
- }
-
- if (in_len == 0) {
- sense = SENSE_CODE(NO_SENSE);
} else {
sense = scsi_parse_sense_buf(in_buf, in_len);
+ return scsi_build_sense_buf(buf, len, sense, fixed);
}
- return scsi_build_sense_buf(buf, len, sense, fixed);
}
int scsi_sense_to_errno(int key, int asc, int ascq)
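Review bot: The new guard at the top of scsi_convert_sense tests only `in_len == 0`, but `in_len` is a signed int per the signature in the hunk header, so a negative length would skip the guard and still reach `in_buf[0]` and `memcpy(buf, in_buf, MIN(len, in_len))`. Consider `if (in_len <= 0)`, or an assertion that `in_buf` is non-NULL once past the guard, so the "NULL buffer only with zero length" contract described in the commit message is enforced in the function. As a minor style point, both arms of the final if/else now return, so the `else` can be dropped and the scsi_parse_sense_buf / scsi_build_sense_buf pair left at function scope.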
--
1.8.3.1