[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Qemu-devel] [PATCH 15/25] scsi: mptsas: use g_new0 to allocate MPTSASRe
From: |
Michael Roth |
Subject: |
[Qemu-devel] [PATCH 15/25] scsi: mptsas: use g_new0 to allocate MPTSASRequest object |
Date: |
Tue, 20 Sep 2016 12:05:31 -0500 |
From: Li Qiang <address@hidden>
When processing IO request in mptsas, it uses g_new to allocate
a 'req' object. If an error occurs before 'req->sreq' is
allocated, It could lead to an OOB write in mptsas_free_request
function. Use g_new0 to avoid it.
Reported-by: Li Qiang <address@hidden>
Signed-off-by: Prasad J Pandit <address@hidden>
Message-Id: <address@hidden>
Cc: address@hidden
Signed-off-by: Paolo Bonzini <address@hidden>
(cherry picked from commit 670e56d3ed2918b3861d9216f2c0540d9e9ae0d5)
Signed-off-by: Michael Roth <address@hidden>
---
hw/scsi/mptsas.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/hw/scsi/mptsas.c b/hw/scsi/mptsas.c
index be88e16..970c265 100644
--- a/hw/scsi/mptsas.c
+++ b/hw/scsi/mptsas.c
@@ -304,7 +304,7 @@ static int mptsas_process_scsi_io_request(MPTSASState *s,
goto bad;
}
- req = g_new(MPTSASRequest, 1);
+ req = g_new0(MPTSASRequest, 1);
QTAILQ_INSERT_TAIL(&s->pending, req, next);
req->scsi_io = *scsi_io;
req->dev = s;
--
1.9.1
- [Qemu-devel] [PATCH 00/25] Patch Round-up for stable 2.6.2, freeze on 2016-08-26, Michael Roth, 2016/09/20
- [Qemu-devel] [PATCH 11/25] virtio: zero vq->inuse in virtio_reset(), Michael Roth, 2016/09/20
- [Qemu-devel] [PATCH 09/25] 9pfs: forbid . and .. in file names, Michael Roth, 2016/09/20
- [Qemu-devel] [PATCH 10/25] 9pfs: handle walk of ".." in the root directory, Michael Roth, 2016/09/20
- [Qemu-devel] [PATCH 12/25] virtio-balloon: discard virtqueue element on reset, Michael Roth, 2016/09/20
- [Qemu-devel] [PATCH 13/25] vnc: fix qemu crash because of SIGSEGV, Michael Roth, 2016/09/20
- [Qemu-devel] [PATCH 14/25] 9pfs: fix potential segfault during walk, Michael Roth, 2016/09/20
- [Qemu-devel] [PATCH 15/25] scsi: mptsas: use g_new0 to allocate MPTSASRequest object,
Michael Roth <=
- [Qemu-devel] [PATCH 22/25] crypto: ensure XTS is only used with ciphers with 16 byte blocks, Michael Roth, 2016/09/20
- [Qemu-devel] [PATCH 16/25] scsi: pvscsi: limit process IO loop to ring size, Michael Roth, 2016/09/20
- [Qemu-devel] [PATCH 18/25] scsi-disk: change disk serial length from 20 to 36, Michael Roth, 2016/09/20
- [Qemu-devel] [PATCH 17/25] qemu-char: avoid segfault if user lacks of permisson of a given logfile, Michael Roth, 2016/09/20
- [Qemu-devel] [PATCH 20/25] scsi: mptconfig: fix an assert expression, Michael Roth, 2016/09/20
- [Qemu-devel] [PATCH 02/25] ui: fix refresh of VNC server surface, Michael Roth, 2016/09/20
- [Qemu-devel] [PATCH 19/25] vmw_pvscsi: check page count while initialising descriptor rings, Michael Roth, 2016/09/20
- [Qemu-devel] [PATCH 03/25] virtio: recalculate vq->inuse after migration, Michael Roth, 2016/09/20
- [Qemu-devel] [PATCH 21/25] scsi: mptconfig: fix misuse of MPTSAS_CONFIG_PACK, Michael Roth, 2016/09/20
- [Qemu-devel] [PATCH 24/25] scsi-disk: Cleaning up around tray open state, Michael Roth, 2016/09/20