qemu-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Qemu-devel] [PATCH] scsi: mptsas: use g_new0 to allocate MPTSASRequ

From: Paolo Bonzini
Subject: Re: [Qemu-devel] [PATCH] scsi: mptsas: use g_new0 to allocate MPTSASRequest object
Date: Mon, 12 Sep 2016 14:58:26 +0200
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.2.0 

On 12/09/2016 14:44, P J P wrote:
> From: Li Qiang <address@hidden>
> 
> When processing IO request in mptsas, it uses g_new to allocate
> a 'req' object. If an error occurs before 'req->sreq' is
> allocated, It could lead to an OOB write in mptsas_free_request
> function. Use g_new0 to avoid it.
> 
> Reported-by: Li Qiang <address@hidden>
> Signed-off-by: Prasad J Pandit <address@hidden>

Cc: address@hidden

Queued, thanks.

> ---
>  hw/scsi/mptsas.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/hw/scsi/mptsas.c b/hw/scsi/mptsas.c
> index bebe513..7b02130 100644
> --- a/hw/scsi/mptsas.c
> +++ b/hw/scsi/mptsas.c
> @@ -304,7 +304,7 @@ static int mptsas_process_scsi_io_request(MPTSASState *s,
>          goto bad;
>      }
>  
> -    req = g_new(MPTSASRequest, 1);
> +    req = g_new0(MPTSASRequest, 1);
>      QTAILQ_INSERT_TAIL(&s->pending, req, next);
>      req->scsi_io = *scsi_io;
>      req->dev = s;
>
reply via email to
[Prev in Thread] Current Thread [Next in Thread]