|
| From: | Liam Merwick |
| Subject: | Re: [Qemu-devel] [PATCH v3 4/8] qemu-img: potential Null pointer deref in img_commit() |
| Date: | Fri, 19 Oct 2018 21:32:05 +0100 |
| User-agent: | Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.9.1 |
On 12/10/18 15:51, Max Reitz wrote:
On 31.08.18 20:16, Liam Merwick wrote:The function block_job_get() may return NULL so before dereferencing the 'job' pointer in img_commit() it should be checked.It may not because the job yields before executing anything (if it started successfully; but otherwise, commit_active_start() would have returned an error). Therefore, I think the better solution is to assert(job) here.
Switched patch to use assert() Regards, Liam
(It would be a serious bug if block_job_get() returned NULL here, so it's definitely not something we can be quiet about. But this patch makes it so the user doesn't even notice.) MaxSigned-off-by: Liam Merwick <address@hidden> Reviewed-by: Darren Kenny <address@hidden> Reviewed-by: Mark Kanda <address@hidden> --- qemu-img.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/qemu-img.c b/qemu-img.c index b12f4cd19b0a..51fe09bd08ed 100644 --- a/qemu-img.c +++ b/qemu-img.c @@ -1029,6 +1029,9 @@ static int img_commit(int argc, char **argv) }job = block_job_get("commit");+ if (job == NULL) { + goto unref_backing; + } run_block_job(job, &local_err); if (local_err) { goto unref_backing;
| [Prev in Thread] | Current Thread | [Next in Thread] |