[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel][PATCH] ppc/spapr_events: fix potential NULL pointer der
|
From: |
David Gibson |
|
Subject: |
Re: [Qemu-devel][PATCH] ppc/spapr_events: fix potential NULL pointer dereference in rtas_event_log_dequeue |
|
Date: |
Tue, 19 Nov 2019 13:50:58 +1100 |
|
User-agent: |
Mutt/1.12.1 (2019-06-15) |
On Mon, Nov 18, 2019 at 09:50:13AM +0800, address@hidden wrote:
> From: PanNengyuan <address@hidden>
>
> source is being dereferenced before it is null checked, hence there is a
> potential null pointer dereference.
>
> This fixes:
> 360
> CID 68911917: (NULL_RETURNS)
> 361. dereference: Dereferencing "source", which is known to be
> "NULL".
> 361 if (source->mask & event_mask) {
> 362 break;
> 363 }
>
> Reported-by: Euler Robot <address@hidden>
> Signed-off-by: PanNengyuan <address@hidden>
I don't think this is the right solution. The only events we ever
generated are LOG_TYPE_EPOW and LOG_TYPE_HOTPLUG, so in fact source
should never be NULL.
I think the correct way to satisfy Coverity here is to have
rtas_event_log_to_source() do an assert(), rather than returning NULL
for other event types.
> ---
> hw/ppc/spapr_events.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/hw/ppc/spapr_events.c b/hw/ppc/spapr_events.c
> index 0e4c195..febd2ef 100644
> --- a/hw/ppc/spapr_events.c
> +++ b/hw/ppc/spapr_events.c
> @@ -358,7 +358,7 @@ static SpaprEventLogEntry
> *rtas_event_log_dequeue(SpaprMachineState *spapr,
> rtas_event_log_to_source(spapr,
> spapr_event_log_entry_type(entry));
>
> - if (source->mask & event_mask) {
> + if (source && (source->mask & event_mask)) {
> break;
> }
> }
--
David Gibson | I'll have my music baroque, and my code
david AT gibson.dropbear.id.au | minimalist, thank you. NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson
signature.asc
Description: PGP signature