From: Jim Meyering
Subject: Re: [Qemu-devel] [PATCH 6/6] softmmu-semi: fix lock_user* functions not to deref NULL upon OOM
Date: Thu, 24 May 2012 16:46:36 +0200
Peter Maydell wrote:
> On 16 May 2012 14:08, Jim Meyering <address@hidden> wrote:
>> From: Jim Meyering <address@hidden>
>>
>> Use g_malloc/g_free in place of malloc/free.
>>
>> Signed-off-by: Jim Meyering <address@hidden>
>> ---
>> softmmu-semi.h | 6 +++---
>> 1 file changed, 3 insertions(+), 3 deletions(-)
>>
>> diff --git a/softmmu-semi.h b/softmmu-semi.h
>> index 648cb95..996e0f7 100644
>> --- a/softmmu-semi.h
>> +++ b/softmmu-semi.h
>> @@ -39,7 +39,7 @@ static void *softmmu_lock_user(CPUArchState *env,
>> uint32_t addr, uint32_t len,
>> {
>> uint8_t *p;
>> /* TODO: Make this something that isn't fixed size. */
>> - p = malloc(len);
>> + p = g_malloc(len);
>> if (copy)
>> cpu_memory_rw_debug(env, addr, p, len, 0);
>> return p;
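Review bot: swapping malloc() for g_malloc() in this hunk does not add the NULL check the patch title promises; it removes the NULL path altogether, because g_malloc() aborts the process when the allocation fails, and `len` here is supplied by the guest, so an oversized request would become a guest-triggerable crash of qemu instead of a NULL dereference. The visible code still passes `p` straight to `cpu_memory_rw_debug(env, addr, p, len, 0)`; the fix that matches the title is to keep an allocator that returns NULL and insert `if (!p) return NULL;` before the `if (copy)` line, leaving the callers to handle the NULL they already expect. The companion free()/g_free() swap described in the commit message should be dropped together with this one.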
>
> Nak. This function is called with a length passed from the guest, so
> killing qemu if the length is too large is a bad idea. The callers
> should handle it returning NULL on failure. (Most of them do already,
> if any do not that's a bug.) The bug in this function is passing
> NULL to cpu_memory_rw_debug().
That makes sense.
I've adjusted as you suggest and posted a V2.
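As an added illustration of the fix Peter describes (this is example code, not the patch's or QEMU's own): a constructed lock/unlock pair in which allocation failure returns NULL to the caller instead of reaching the copy routine, beside a caller that checks for it. Guest RAM, the allocator hook and the cpu_memory_rw_debug() stand-in are all constructed for this example; the stand-in additionally rejects an out-of-range guest address, which goes beyond the visible patch.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
/* Constructed guest RAM stand-in (no real CPUArchState); first 4 bytes are sample data. */
#define GUEST_RAM_SIZE 4096u
static uint8_t guest_ram[GUEST_RAM_SIZE] = { 1, 2, 3, 4 };
/* Hypothetical allocator hook so a test can force an allocation failure. */
static void *(*lock_alloc)(size_t) = malloc;
static void *failing_alloc(size_t n) { (void)n; return NULL; }

/* Stand-in for cpu_memory_rw_debug(): -1 when the range leaves guest RAM.
 * Written as addr > SIZE - len so that addr + len cannot overflow. */
static int fake_memory_rw(uint32_t addr, uint8_t *buf, uint32_t len, int is_write)
{
    if (len > GUEST_RAM_SIZE || addr > GUEST_RAM_SIZE - len) return -1;
    if (is_write) memcpy(guest_ram + addr, buf, len);
    else          memcpy(buf, guest_ram + addr, len);
    return 0;
}
/* Copy a guest buffer into host memory. Never aborts: an unsatisfiable
 * guest-supplied length yields NULL, which every caller must check. */
static void *softmmu_lock_user(uint32_t addr, uint32_t len, int copy)
{
    uint8_t *p = lock_alloc(len);
    if (!p) return NULL;                 /* OOM: never hand NULL to the copy */
    if (copy && fake_memory_rw(addr, p, len, 0) < 0) {
        free(p);                         /* bad guest range: release and fail */
        return NULL;
    }
    return p;
}
static void softmmu_unlock_user(void *p) { free(p); }
/* Example caller: sum the bytes of a guest buffer, -1 on any failure. */
static long sum_guest_bytes(uint32_t addr, uint32_t len)
{
    uint8_t *p = softmmu_lock_user(addr, len, 1);
    if (!p) return -1;
    long s = 0;
    for (uint32_t i = 0; i < len; i++) s += p[i];
    softmmu_unlock_user(p);
    return s;
}
/* Simulate OOM: 1 if lock_user reported failure instead of crashing. */
static int lock_user_survives_oom(void)
{
    lock_alloc = failing_alloc;
    void *p = softmmu_lock_user(0, 16, 1);
    lock_alloc = malloc;
    return p == NULL;
}
```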