Re: [Qemu-devel] [PATCH v3 4/8] qemu-img: potential Null pointer deref i
From: Max Reitz
Subject: Re: [Qemu-devel] [PATCH v3 4/8] qemu-img: potential Null pointer deref in img_commit()
Date: Fri, 12 Oct 2018 16:51:53 +0200
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.0
On 31.08.18 20:16, Liam Merwick wrote:
> The function block_job_get() may return NULL so before dereferencing
> the 'job' pointer in img_commit() it should be checked.
It may not because the job yields before executing anything (if it
started successfully; but otherwise, commit_active_start() would have
returned an error). Therefore, I think the better solution is to
assert(job) here.
(It would be a serious bug if block_job_get() returned NULL here, so
it's definitely not something we can be quiet about. But this patch
makes it so the user doesn't even notice.)
Max
> Signed-off-by: Liam Merwick <address@hidden>
> Reviewed-by: Darren Kenny <address@hidden>
> Reviewed-by: Mark Kanda <address@hidden>
> ---
> qemu-img.c | 3 +++
> 1 file changed, 3 insertions(+)
>
> diff --git a/qemu-img.c b/qemu-img.c
> index b12f4cd19b0a..51fe09bd08ed 100644
> --- a/qemu-img.c
> +++ b/qemu-img.c
> @@ -1029,6 +1029,9 @@ static int img_commit(int argc, char **argv)
> }
>
> job = block_job_get("commit");
> + if (job == NULL) {
> + goto unref_backing;
> + }
> run_block_job(job, &local_err);
> if (local_err) {
> goto unref_backing;
>
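Review bot: The new `if (job == NULL)` branch after block_job_get("commit") jumps to unref_backing without setting local_err or reporting anything, whereas the existing path two lines later takes that label only when local_err is set, so nothing in these lines tells the caller that the commit job was missing. If NULL is not expected at this point, assert(job) states the invariant and fails loudly; if it can legitimately occur, set an error with error_setg(&local_err, ...) before the goto.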