[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [PATCH] hw/net: prevent potential NULL dereference
|
From: |
David Gibson |
|
Subject: |
Re: [PATCH] hw/net: prevent potential NULL dereference |
|
Date: |
Fri, 31 May 2024 14:52:52 +1000 |
On Thu, May 30, 2024 at 10:03:51AM +0100, Peter Maydell wrote:
> On Thu, 30 May 2024 at 01:52, David Gibson <david@gibson.dropbear.id.au>
> wrote:
> >
> > On Wed, May 29, 2024 at 02:07:18PM +0300, Oleg Sviridov wrote:
> > > Pointer, returned from function 'spapr_vio_find_by_reg', may be NULL and
> > > is dereferenced immediately after.
> > >
> > > Found by Linux Verification Center (linuxtesting.org) with SVACE.
> > >
> > > Signed-off-by: Oleg Sviridov <oleg.sviridov@red-soft.ru>
> > > ---
> > > hw/net/spapr_llan.c | 4 ++++
> > > 1 file changed, 4 insertions(+)
> > >
> > > diff --git a/hw/net/spapr_llan.c b/hw/net/spapr_llan.c
> > > index ecb30b7c76..f40b733229 100644
> > > --- a/hw/net/spapr_llan.c
> > > +++ b/hw/net/spapr_llan.c
> > > @@ -770,6 +770,10 @@ static target_ulong
> > > h_change_logical_lan_mac(PowerPCCPU *cpu,
> > > SpaprVioVlan *dev = VIO_SPAPR_VLAN_DEVICE(sdev);
> >
> > Hmm... I thought VIO_SPAPR_VLAN_DEVICE() was supposed to abort if sdev
> > was NULL or not of the right type. Or have the rules for qom helpers
> > changed since I wrote this.
>
> QOM casts abort if the type is wrong, but a NULL pointer is
> passed through as a NULL pointer.
Ah, my mistake. LGTM, then.
--
David Gibson | I'll have my music baroque, and my code
david AT gibson.dropbear.id.au | minimalist, thank you. NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson
signature.asc
Description: PGP signature