From: Eduardo Habkost
Subject: [Qemu-devel] [PULL v6 15/42] pc: fix possible NULL pointer dereference in pc_machine_get_device_memory_region_size()
Date: Fri, 5 Jul 2019 19:14:37 -0300
From: Igor Mammedov <address@hidden>
QEMU will crash when the device-memory-region-size property is read if ms->device_memory wasn't initialized yet.
Crash can be reproduced with:
$QEMU -preconfig -qmp unix:qmp_socket,server,nowait &
./scripts/qmp/qom-get -s qmp_socket /machine.device-memory-region-size
Instead of crashing return 0 if ms->device_memory hasn't been initialized.
Signed-off-by: Igor Mammedov <address@hidden>
Message-Id: <address@hidden>
Signed-off-by: Eduardo Habkost <address@hidden>
---
hw/i386/pc.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/hw/i386/pc.c b/hw/i386/pc.c
index e8378f6a0a..2107532d12 100644
--- a/hw/i386/pc.c
+++ b/hw/i386/pc.c
@@ -2553,7 +2553,11 @@ pc_machine_get_device_memory_region_size(Object *obj,
Visitor *v,
Error **errp)
{
MachineState *ms = MACHINE(obj);
- int64_t value = memory_region_size(&ms->device_memory->mr);
+ int64_t value = 0;
+
+ if (ms->device_memory) {
+ value = memory_region_size(&ms->device_memory->mr);
+ }
visit_type_int(v, name, &value, errp);
}
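Review bot: the new guard makes the getter report 0 whenever ms->device_memory is NULL, not only in the "not initialized yet" case the commit message describes; a one-line comment above the `if (ms->device_memory)` check (or a sentence in the commit message) saying that 0 is the deliberate answer for "no device memory region" would stop readers of the property from confusing that with a region that exists and has size zero. The rest of the hunk is straightforward: `int64_t value = 0;` plus the NULL check is the minimal change, and `visit_type_int(v, name, &value, errp);` is left untouched so the QOM property keeps its type.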
--
2.18.0.rc1.1.g3f1ff2140