qemu-stable
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Qemu-stable] [PATCH 14/25] 9pfs: fix potential segfault during walk

From: Michael Roth
Subject: [Qemu-stable] [PATCH 14/25] 9pfs: fix potential segfault during walk
Date: Tue, 20 Sep 2016 12:05:30 -0500 
From: Greg Kurz <address@hidden>

If the call to fid_to_qid() returns an error, we will call v9fs_path_free()
on uninitialized paths.

It is a regression introduced by the following commit:

56f101ecce0e 9pfs: handle walk of ".." in the root directory

Let's fix this by initializing dpath and path before calling fid_to_qid().

Signed-off-by: Greg Kurz <address@hidden>
Reviewed-by: Cédric Le Goater <address@hidden>
[groug: updated the changelog to indicate this is regression and to provide
        the offending commit SHA1]
Signed-off-by: Greg Kurz <address@hidden>

(cherry picked from commit 13fd08e631ec0c3ff5ad1bdcb6a4474c7d9a024f)
Signed-off-by: Michael Roth <address@hidden>
---
 hw/9pfs/9p.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/hw/9pfs/9p.c b/hw/9pfs/9p.c
index 1ac05b2..d47f5de 100644
--- a/hw/9pfs/9p.c
+++ b/hw/9pfs/9p.c
@@ -1318,13 +1318,14 @@ static void v9fs_walk(void *opaque)
         goto out_nofid;
     }
 
+    v9fs_path_init(&dpath);
+    v9fs_path_init(&path);
+
     err = fid_to_qid(pdu, fidp, &qid);
     if (err < 0) {
         goto out;
     }
 
-    v9fs_path_init(&dpath);
-    v9fs_path_init(&path);
     /*
      * Both dpath and path initially poin to fidp.
      * Needed to handle request with nwnames == 0
-- 
1.9.1
reply via email to
[Prev in Thread] Current Thread [Next in Thread]