qemu-block

Re: [PATCH] hw/scsi/megasas: check for NULL frame in megasas_command_can


From: Mauro Matteo Cascella
Subject: Re: [PATCH] hw/scsi/megasas: check for NULL frame in megasas_command_cancelled()
Date: Mon, 25 Jan 2021 15:22:54 +0100

Hello,

Any updates on this little patch? Please find below a reproducer for
this bug (thanks Alexander):
https://lists.nongnu.org/archive/html/qemu-devel/2021-01/msg02567.html

Thank you,

On Thu, Dec 24, 2020 at 6:55 PM Mauro Matteo Cascella
<mcascell@redhat.com> wrote:
>
> Ensure that 'cmd->frame' is not NULL before accessing the 'header' field.
> This check prevents a potential NULL pointer dereference issue.
>
> RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=1910346
> Signed-off-by: Mauro Matteo Cascella <mcascell@redhat.com>
> Reported-by: Cheolwoo Myung <cwmyung@snu.ac.kr>
> ---
>  hw/scsi/megasas.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/hw/scsi/megasas.c b/hw/scsi/megasas.c
> index 1a5fc5857d..77510e120c 100644
> --- a/hw/scsi/megasas.c
> +++ b/hw/scsi/megasas.c
> @@ -1893,7 +1893,7 @@ static void megasas_command_cancelled(SCSIRequest *req)
>  {
>      MegasasCmd *cmd = req->hba_private;
>
> -    if (!cmd) {
> +    if (!cmd || !cmd->frame) {
>          return;
>      }
>      cmd->frame->header.cmd_status = MFI_STAT_SCSI_IO_FAILED;
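
Review bot: The new `!cmd->frame` test in `megasas_command_cancelled()` has no explanation of when a request can still have `hba_private` set while the command's `frame` is NULL. Neither the commit message nor the code says which state that is. Please add a short comment above the check naming that state, so a later reader can tell whether returning early here is the intended handling or whether `hba_private` should have been cleared when the frame went away. The early return also means the cancellation leaves no `MFI_STAT_SCSI_IO_FAILED` status anywhere for that command, which is worth stating in the commit message as the intended behaviour.
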
> --
> 2.29.2
>


-- 
Mauro Matteo Cascella
Red Hat Product Security
PGP-Key ID: BB3410B0



