[Qemu-devel] [PATCH v2] hmp: Fix drive_add ... format=help crash

Markus Armbruster posted 1 patch 5 years ago
git fetch https://github.com/patchew-project/qemu tags/patchew/20190408153003.20596-1-armbru@redhat.com
Maintainers: "Dr. David Alan Gilbert" <dgilbert@redhat.com>
[Qemu-devel] [PATCH v2] hmp: Fix drive_add ... format=help crash
Posted by Markus Armbruster 5 years ago
drive_new() returns null without setting an error when it provided
help.  add_init_drive() assumes null means failure, and crashes trying
to report a null error.

Fixes: c4f26c9f37ce511e5fe629c21c180dc6eb7c5a25
Cc: qemu-stable@nongnu.org
Signed-off-by: Markus Armbruster <armbru@redhat.com>
---
v2: Make tests/test-hmp.c cover the bug

 device-hotplug.c | 2 +-
 tests/test-hmp.c | 1 +
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/device-hotplug.c b/device-hotplug.c
index 6090d5f1e9..6153259d71 100644
--- a/device-hotplug.c
+++ b/device-hotplug.c
@@ -48,7 +48,7 @@ static DriveInfo *add_init_drive(const char *optstr)
 
     mc = MACHINE_GET_CLASS(current_machine);
     dinfo = drive_new(opts, mc->block_default_type, &err);
-    if (!dinfo) {
+    if (err) {
         error_report_err(err);
         qemu_opts_del(opts);
         return NULL;
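Review bot: In add_init_drive(), the new `if (err)` test lets the case where drive_new() returns NULL with no error set (the help case from the commit message) fall through past this block, and `qemu_opts_del(opts)` is now reached only on the error path. Please confirm who releases opts on the help path, and that the code after this block and the callers cope with a NULL dinfo that was not reported as an error. A short comment above the check stating that NULL without err means help was printed would make that contract explicit. The check also relies on err being initialised to NULL before the drive_new() call, which this hunk does not show.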
diff --git a/tests/test-hmp.c b/tests/test-hmp.c
index 8c49d2fdf1..54a01824dc 100644
--- a/tests/test-hmp.c
+++ b/tests/test-hmp.c
@@ -31,6 +31,7 @@ static const char *hmp_cmds[] = {
     "cpu 0",
     "device_add ?",
     "device_add usb-mouse,id=mouse1",
+    "drive_add ignored format=help",
     "mouse_button 7",
     "mouse_move 10 10",
     "mouse_button 0",
-- 
2.17.2


Re: [Qemu-devel] [PATCH v2] hmp: Fix drive_add ... format=help crash
Posted by Dr. David Alan Gilbert 5 years ago
* Markus Armbruster (armbru@redhat.com) wrote:
> drive_new() returns null without setting an error when it provided
> help.  add_init_drive() assumes null means failure, and crashes trying
> to report a null error.
> 
> Fixes: c4f26c9f37ce511e5fe629c21c180dc6eb7c5a25
> Cc: qemu-stable@nongnu.org
> Signed-off-by: Markus Armbruster <armbru@redhat.com>
> ---
> v2: Make tests/test-hmp.c cover the bug
> 
>  device-hotplug.c | 2 +-
>  tests/test-hmp.c | 1 +
>  2 files changed, 2 insertions(+), 1 deletion(-)
> 
> diff --git a/device-hotplug.c b/device-hotplug.c
> index 6090d5f1e9..6153259d71 100644
> --- a/device-hotplug.c
> +++ b/device-hotplug.c
> @@ -48,7 +48,7 @@ static DriveInfo *add_init_drive(const char *optstr)
>  
>      mc = MACHINE_GET_CLASS(current_machine);
>      dinfo = drive_new(opts, mc->block_default_type, &err);
> -    if (!dinfo) {
> +    if (err) {
>          error_report_err(err);
>          qemu_opts_del(opts);
>          return NULL;
> diff --git a/tests/test-hmp.c b/tests/test-hmp.c
> index 8c49d2fdf1..54a01824dc 100644
> --- a/tests/test-hmp.c
> +++ b/tests/test-hmp.c
> @@ -31,6 +31,7 @@ static const char *hmp_cmds[] = {
>      "cpu 0",
>      "device_add ?",
>      "device_add usb-mouse,id=mouse1",
> +    "drive_add ignored format=help",

Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>

>      "mouse_button 7",
>      "mouse_move 10 10",
>      "mouse_button 0",
> -- 
> 2.17.2
> 
--
Dr. David Alan Gilbert / dgilbert@redhat.com / Manchester, UK

Re: [Qemu-devel] [PATCH v2] hmp: Fix drive_add ... format=help crash
Posted by Kevin Wolf 5 years ago
On 08.04.2019 at 17:30, Markus Armbruster wrote:
> drive_new() returns null without setting an error when it provided
> help.  add_init_drive() assumes null means failure, and crashes trying
> to report a null error.
> 
> Fixes: c4f26c9f37ce511e5fe629c21c180dc6eb7c5a25
> Cc: qemu-stable@nongnu.org
> Signed-off-by: Markus Armbruster <armbru@redhat.com>

Thanks, applied to the block branch.

Kevin

Re: [Qemu-devel] [PATCH v2] hmp: Fix drive_add ... format=help crash
Posted by Philippe Mathieu-Daudé 5 years ago
On 4/8/19 5:30 PM, Markus Armbruster wrote:
> drive_new() returns null without setting an error when it provided
> help.  add_init_drive() assumes null means failure, and crashes trying
> to report a null error.
> 
> Fixes: c4f26c9f37ce511e5fe629c21c180dc6eb7c5a25
> Cc: qemu-stable@nongnu.org
> Signed-off-by: Markus Armbruster <armbru@redhat.com>

Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Tested-by: Philippe Mathieu-Daudé <philmd@redhat.com>

> ---
> v2: Make tests/test-hmp.c cover the bug
> 
>  device-hotplug.c | 2 +-
>  tests/test-hmp.c | 1 +
>  2 files changed, 2 insertions(+), 1 deletion(-)
> 
> diff --git a/device-hotplug.c b/device-hotplug.c
> index 6090d5f1e9..6153259d71 100644
> --- a/device-hotplug.c
> +++ b/device-hotplug.c
> @@ -48,7 +48,7 @@ static DriveInfo *add_init_drive(const char *optstr)
>  
>      mc = MACHINE_GET_CLASS(current_machine);
>      dinfo = drive_new(opts, mc->block_default_type, &err);
> -    if (!dinfo) {
> +    if (err) {
>          error_report_err(err);
>          qemu_opts_del(opts);
>          return NULL;
> diff --git a/tests/test-hmp.c b/tests/test-hmp.c
> index 8c49d2fdf1..54a01824dc 100644
> --- a/tests/test-hmp.c
> +++ b/tests/test-hmp.c
> @@ -31,6 +31,7 @@ static const char *hmp_cmds[] = {
>      "cpu 0",
>      "device_add ?",
>      "device_add usb-mouse,id=mouse1",
> +    "drive_add ignored format=help",
>      "mouse_button 7",
>      "mouse_move 10 10",
>      "mouse_button 0",
>