[Qemu-devel] [PATCH 6/8] block: dump_qlist() may dereference a Null poin
From: Liam Merwick
Subject: [Qemu-devel] [PATCH 6/8] block: dump_qlist() may dereference a Null pointer
Date: Thu, 30 Aug 2018 16:47:09 +0100
A NULL 'list' passed into function dump_qlist() isn't correctly
validated and can be passed to qlist_first() where it is dereferenced.
This could be resolved by checking if the list is NULL in dump_qlist()
and returning immediately. However, the general case can be handled by
adding a NULL arg check to qlist_first() and qlist_next() and all
the callers to those functions handle that cleanly.
Signed-off-by: Liam Merwick <address@hidden>
Reviewed-by: Darren Kenny <address@hidden>
Reviewed-by: Mark Kanda <address@hidden>
---
include/qapi/qmp/qlist.h | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/include/qapi/qmp/qlist.h b/include/qapi/qmp/qlist.h
index 8d2c32ca2863..1ec716e2eb9e 100644
--- a/include/qapi/qmp/qlist.h
+++ b/include/qapi/qmp/qlist.h
@@ -58,11 +58,17 @@ void qlist_destroy_obj(QObject *obj);
static inline const QListEntry *qlist_first(const QList *qlist)
{
+ if (!qlist) {
+ return NULL;
+ }
return QTAILQ_FIRST(&qlist->head);
}
static inline const QListEntry *qlist_next(const QListEntry *entry)
{
+ if (!entry) {
+ return NULL;
+ }
return QTAILQ_NEXT(entry, next);
}
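Review bot: The new `if (!qlist)` check in qlist_first() makes a NULL list indistinguishable from an empty one, so a caller that passes NULL by mistake now iterates zero entries silently instead of failing where the bug is. These are static inline helpers in a shared header, so the relaxed contract applies to every user, yet nothing in the hunk documents it; add a comment above qlist_first() and qlist_next() stating that a NULL argument is accepted and yields NULL. The commit message says all callers handle a NULL return cleanly, but the patch touches only qlist.h, so it would help to name the callers that were audited, or to keep the check local to dump_qlist() as the message's first option describes. The subject prefix "block:" also does not match the only file changed, include/qapi/qmp/qlist.h.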
--
1.8.3.1