[Qemu-stable] [PATCH 09/67] scsi: mptsas: use g

qemu-stable

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Qemu-stable] [PATCH 09/67] scsi: mptsas: use g_new0 to allocate MPTSASR

From:	Michael Roth
Subject:	[Qemu-stable] [PATCH 09/67] scsi: mptsas: use g_new0 to allocate MPTSASRequest object
Date:	Wed, 14 Dec 2016 18:44:03 -0600

From: Li Qiang <address@hidden>

When processing IO request in mptsas, it uses g_new to allocate
a 'req' object. If an error occurs before 'req->sreq' is
allocated, It could lead to an OOB write in mptsas_free_request
function. Use g_new0 to avoid it.

Reported-by: Li Qiang <address@hidden>
Signed-off-by: Prasad J Pandit <address@hidden>
Message-Id: <address@hidden>
Cc: address@hidden
Signed-off-by: Paolo Bonzini <address@hidden>
(cherry picked from commit 670e56d3ed2918b3861d9216f2c0540d9e9ae0d5)
Signed-off-by: Michael Roth <address@hidden>
---
 hw/scsi/mptsas.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/scsi/mptsas.c b/hw/scsi/mptsas.c
index 0e0a22f..eaae1bb 100644
--- a/hw/scsi/mptsas.c
+++ b/hw/scsi/mptsas.c
@@ -304,7 +304,7 @@ static int mptsas_process_scsi_io_request(MPTSASState *s,
         goto bad;
     }
 
-    req = g_new(MPTSASRequest, 1);
+    req = g_new0(MPTSASRequest, 1);
     QTAILQ_INSERT_TAIL(&s->pending, req, next);
     req->scsi_io = *scsi_io;
     req->dev = s;
-- 
1.9.1

[Prev in Thread]

Current Thread

[Next in Thread]

[Qemu-stable] [PATCH 00/67] Patch Round-up for stable 2.7.1, freeze on 2016-12-20, Michael Roth, 2016/12/14
- [Qemu-stable] [PATCH 10/67] scsi: pvscsi: limit process IO loop to ring size, Michael Roth, 2016/12/14
- [Qemu-stable] [PATCH 09/67] scsi: mptsas: use g_new0 to allocate MPTSASRequest object, Michael Roth <=
- [Qemu-stable] [PATCH 11/67] qemu-char: avoid segfault if user lacks of permisson of a given logfile, Michael Roth, 2016/12/14
- [Qemu-stable] [PATCH 12/67] scsi-disk: change disk serial length from 20 to 36, Michael Roth, 2016/12/14
- [Qemu-stable] [PATCH 13/67] vmw_pvscsi: check page count while initialising descriptor rings, Michael Roth, 2016/12/14
- [Qemu-stable] [PATCH 15/67] scsi: mptconfig: fix misuse of MPTSAS_CONFIG_PACK, Michael Roth, 2016/12/14
- [Qemu-stable] [PATCH 14/67] scsi: mptconfig: fix an assert expression, Michael Roth, 2016/12/14
- [Qemu-stable] [PATCH 16/67] crypto: ensure XTS is only used with ciphers with 16 byte blocks, Michael Roth, 2016/12/14
- [Qemu-stable] [PATCH 17/67] iothread: Stop threads before main() quits, Michael Roth, 2016/12/14
- [Qemu-stable] [PATCH 18/67] scsi-disk: Cleaning up around tray open state, Michael Roth, 2016/12/14
- [Qemu-stable] [PATCH 19/67] virtio-scsi: Don't abort when media is ejected, Michael Roth, 2016/12/14
- [Qemu-stable] [PATCH 20/67] ahci: clear aiocb in ncq_cb, Michael Roth, 2016/12/14

Prev by Date: [Qemu-stable] [PATCH 10/67] scsi: pvscsi: limit process IO loop to ring size
Next by Date: [Qemu-stable] [PATCH 00/67] Patch Round-up for stable 2.7.1, freeze on 2016-12-20
Previous by thread: [Qemu-stable] [PATCH 10/67] scsi: pvscsi: limit process IO loop to ring size
Next by thread: [Qemu-stable] [PATCH 11/67] qemu-char: avoid segfault if user lacks of permisson of a given logfile
Index(es):
- Date
- Thread