
Re: [PATCH for-8.2 1/2] qdev: Fix crash in array property getter


From: Philippe Mathieu-Daudé
Subject: Re: [PATCH for-8.2 1/2] qdev: Fix crash in array property getter
Date: Fri, 24 Nov 2023 19:06:56 +0100
User-agent: Mozilla Thunderbird

On 21/11/23 18:34, Kevin Wolf wrote:
> Passing an uninitialised list to visit_start_list() happens to work for
> the QObject output visitor because it treats the pointer as an opaque
> value and never dereferences it, but the string output visitor expects a
> valid list to check if it has more than one element.
>
> The existing code crashes with the string output visitor if the
> uninitialised value is non-NULL. Passing an explicit NULL would fix the
> crash, but still result in wrong output.
>
> Rework get_prop_array() so that it conforms to the expectations that the
> string output visitor has. This includes building a real list first and
> using visit_next_list() to iterate it.
>
> Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1993
> Reported-by: Thomas Huth <thuth@redhat.com>
> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
> ---
>   hw/core/qdev-properties.c | 33 ++++++++++++++++++++++++++-------
>   1 file changed, 26 insertions(+), 7 deletions(-)

Per https://lore.kernel.org/qemu-devel/CAFXChKJ+OoxXH0Krvvc0-84VwTkat1CciOL=59+gyH+WYWEV_A@mail.gmail.com/
Tested-by: Dan Hoffman <dhoff749@gmail.com>