From: Michael Roth
To: qemu-devel@nongnu.org
Cc: Michal Privoznik, qemu-stable@nongnu.org, Gerd Hoffmann
Date: Mon, 18 Jun 2018 20:42:50 -0500
Message-Id: <20180619014319.28272-85-mdroth@linux.vnet.ibm.com>
In-Reply-To: <20180619014319.28272-1-mdroth@linux.vnet.ibm.com>
References: <20180619014319.28272-1-mdroth@linux.vnet.ibm.com>
Subject: [Qemu-devel] [PATCH 084/113] console: Avoid segfault in screendump
X-Mailer: git-send-email 2.11.0
From: Michal Privoznik

After f771c5440e04626f1 it is possible to select the device and head from which to take a screendump. And even though we check if the provided head number falls within range, it may still happen that the console has no surface yet, leading to SIGSEGV:

qemu.git $ ./x86_64-softmmu/qemu-system-x86_64 \
    -qmp stdio \
    -device virtio-vga,id=video0,max_outputs=4
{"execute":"qmp_capabilities"}
{"execute":"screendump", "arguments":{"filename":"/tmp/screen.ppm", "device":"video0", "head":1}}
Segmentation fault

#0  0x00005628249dda88 in ppm_save (filename=0x56282826cbc0 "/tmp/screen.ppm", ds=0x0, errp=0x7fff52a6fae0) at ui/console.c:304
#1  0x00005628249ddd9b in qmp_screendump (filename=0x56282826cbc0 "/tmp/screen.ppm", has_device=true, device=0x5628276902d0 "video0", has_head=true, head=1, errp=0x7fff52a6fae0) at ui/console.c:375
#2  0x00005628247740df in qmp_marshal_screendump (args=0x562828265e00, ret=0x7fff52a6fb68, errp=0x7fff52a6fb60) at qapi/qapi-commands-ui.c:110

Here, @ds from frame #0 (or @surface from frame #1) is dereferenced at the very beginning of ppm_save(). And because it's NULL, a crash happens.

Signed-off-by: Michal Privoznik
Reviewed-by: Thomas Huth
Message-id: cb05bb1909daa6ba62145c0194aafa05a14ed3d1.1526569138.git.mprivozn@redhat.com
Signed-off-by: Gerd Hoffmann
(cherry picked from commit 08d9864fa4e0c616e076ca8b225d39a7ecb189af)
Signed-off-by: Michael Roth
---
 ui/console.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/ui/console.c b/ui/console.c
index c4c95abed7..96272b5c45 100644
--- a/ui/console.c
+++ b/ui/console.c
@@ -354,6 +354,11 @@ void qmp_screendump(const char *filename, Error **errp)
 
     graphic_hw_update(con);
     surface = qemu_console_surface(con);
+    if (!surface) {
+        error_setg(errp, "no surface");
+        return;
+    }
+
     ppm_save(filename, surface, errp);
 }
 
-- 
2.11.0
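Review bot: the error string "no surface" in the new check tells the QMP caller nothing about which console was missing a surface; since qmp_screendump already has the device and head arguments in scope (has_device/device/has_head/head in frame #1 of the backtrace), consider reporting them when they were supplied, e.g. `error_setg(errp, "no surface for device '%s' head %d", device, head);`, so a caller can distinguish a head that is not initialised yet from one that simply does not exist. The guard itself is in the right place: qemu_console_surface(con) is the only source of surface before ppm_save(), so returning before the call removes the NULL dereference at ui/console.c:304 shown in the trace, and nothing allocated earlier in the function is leaked by the early return. Because screendump is a QMP command, its command documentation should also say that it now fails with an error, rather than crashing, when the selected head has no surface yet.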