From: Emanuele Giuseppe Esposito
To: Stefan Hajnoczi
Cc: Laurent Vivier, Paolo Bonzini, Emanuele Giuseppe Esposito, Philippe Mathieu-Daudé, qemu-devel@nongnu.org
Date: Mon, 23 Jul 2018 12:43:42 +0200
Message-Id: <20180723104342.22992-1-e.emanuelegiuseppe@gmail.com>
Subject: [Qemu-devel] [PATCH] pci-pc: add NULL check for qpci_free_pc

The current layout of struct QPCIBusPC provides only one field, QPCIBus bus,
so passing a NULL pointer to qpci_free_pc() makes
container_of(NULL, QPCIBusPC, bus) return 0 (NULL), which is correctly
handled by g_free().

This is bad practice, allowing the caller to think that it's okay to always
pass NULL to the function, even though this is just a particular case.

In fact, qpci_free_pc() happens to return NULL only because container_of
computes the subtraction between the given NULL pointer and
offsetof(QPCIBus, bus), with the latter returning 0 too, since bus is the
first element of the struct and there is no offset between itself and
QPCIBusPC.

However, if in the future the bus field changes its position, for example
becoming the second field, offsetof will return a number > 0, since there is
some offset between the beginning of the struct and the bus field.
Therefore passing a NULL pointer to the container_of macro will return a
negative number, which will be translated into an invalid address passed to
g_free(), causing a seg fault.

Adding a preventive safety check that returns from the function if the given
pointer is NULL solves the problem.

Signed-off-by: Emanuele Giuseppe Esposito
Reviewed-by: Stefan Hajnoczi
---
 tests/libqos/pci-pc.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/tests/libqos/pci-pc.c b/tests/libqos/pci-pc.c
index a7803308b7..bb062bee5a 100644
--- a/tests/libqos/pci-pc.c
+++ b/tests/libqos/pci-pc.c
@@ -152,6 +152,10 @@ QPCIBus *qpci_init_pc(QTestState *qts, QGuestAllocator *alloc)
 
 void qpci_free_pc(QPCIBus *bus)
 {
+    if (!bus) {
+        return;
+    }
+
     QPCIBusPC *s = container_of(bus, QPCIBusPC, bus);
 
     g_free(s);
-- 
2.17.1
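Review bot: the early return is inserted before the declaration `QPCIBusPC *s = container_of(bus, QPCIBusPC, bus);`, so the function body now interleaves a statement and a declaration; if the tree prefers declarations at the top of a block, declare `QPCIBusPC *s;` first and assign it after the guard. The guard itself is the right fix, because it avoids performing the container_of arithmetic on a NULL pointer at all, whatever the struct layout. One nit in the commit message: it refers to offsetof(QPCIBus, bus), but the container type is QPCIBusPC, so it should read offsetof(QPCIBusPC, bus).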
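Added stand-alone example (not part of the patch or of QEMU's libqos) showing why the guard matters: it compares the offset of bus in the current single-field layout with a constructed layout where bus is the second field, computes the address container_of-style arithmetic would produce for a NULL bus, and mirrors the patched free with the NULL check. The QPCIBusPCFuture type, the single-int QPCIBus stand-in and the helpers container_addr, null_would_misbehave and free_pc_safe are constructed for this demo.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

typedef struct { int dummy; } QPCIBus;            /* stand-in for libqos's QPCIBus */

/* Layout the commit message describes today: bus is the only/first field. */
typedef struct { QPCIBus bus; } QPCIBusPC;
/* Constructed future layout: another field is placed before bus. */
typedef struct { uint64_t cookie; QPCIBus bus; } QPCIBusPCFuture;

/* Address container_of(ptr, type, member) would compute, done on uintptr_t
 * so that feeding it NULL stays defined behaviour in this demo. */
static uintptr_t container_addr(const void *ptr, size_t member_offset)
{
    return (uintptr_t)ptr - member_offset;
}

/* 1 if a NULL member pointer would hand g_free() a non-NULL, invalid address. */
static int null_would_misbehave(size_t bus_offset)
{
    return container_addr(NULL, bus_offset) != 0;
}

/* Mirror of the patched qpci_free_pc() against the future layout: the early
 * return keeps NULL safe no matter where bus sits. Returns 1 if freed. */
static int free_pc_safe(QPCIBus *bus)
{
    QPCIBusPCFuture *s;

    if (!bus) {
        return 0;
    }
    s = (QPCIBusPCFuture *)((char *)bus - offsetof(QPCIBusPCFuture, bus));
    free(s);
    return 1;
}

int main(void)
{
    QPCIBusPCFuture *s = calloc(1, sizeof(*s));

    printf("bus first:  offset=%zu misbehaves=%d\n", offsetof(QPCIBusPC, bus),
           null_would_misbehave(offsetof(QPCIBusPC, bus)));
    printf("bus second: offset=%zu misbehaves=%d\n", offsetof(QPCIBusPCFuture, bus),
           null_would_misbehave(offsetof(QPCIBusPCFuture, bus)));
    free_pc_safe(&s->bus);   /* real object: freed */
    free_pc_safe(NULL);      /* NULL: no-op thanks to the guard */
    return 0;
}
```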