[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-block] [Qemu-devel] [PULL 5/8] commit: Fix use after free in c
From: |
Peter Maydell |
Subject: |
Re: [Qemu-block] [Qemu-devel] [PULL 5/8] commit: Fix use after free in completion |
Date: |
Sun, 9 Jul 2017 18:09:22 +0100 |
On 13 June 2017 at 17:46, Kevin Wolf <address@hidden> wrote:
> Am 13.06.2017 um 18:12 hat Peter Maydell geschrieben:
>> On 7 June 2017 at 18:50, Kevin Wolf <address@hidden> wrote:
>> > diff --git a/block/commit.c b/block/commit.c
>> > index a3028b2..af6fa68 100644
>> > --- a/block/commit.c
>> > +++ b/block/commit.c
>> > @@ -89,6 +89,10 @@ static void commit_complete(BlockJob *job, void *opaque)
>> > int ret = data->ret;
>> > bool remove_commit_top_bs = false;
>> >
>> > + /* Make sure overlay_bs and top stay around until
>> > bdrv_set_backing_hd() */
>> > + bdrv_ref(top);
>> > + bdrv_ref(overlay_bs);
>> > +
>> > /* Remove base node parent that still uses BLK_PERM_WRITE/RESIZE
>> > before
>> > * the normal backing chain can be restored. */
>> > blk_unref(s->base);
>>
>> Hi -- coverity complains about this change, because bdrv_ref()
>> assumes that its argument is not NULL, but later on in commit_complete()
>> we have a check
>> "if (overlay_bs && ...)"
>> which assumes its argument might be NULL. (CID 1376205)
>>
>> Which is correct?
>
> I saw the Coverity report and am looking into it. It's not completely
> clear to me yet which is correct, but I suspect it can be NULL.
Just a nudge on this one -- I don't think there's been a patch sent
to the list for this check-after-use ?
(It's one of just 7 coverity issues left which haven't had at least
a patch sent to the list now...)
thanks
-- PMM
- Re: [Qemu-block] [Qemu-devel] [PULL 5/8] commit: Fix use after free in completion,
Peter Maydell <=