Message ID | 20211102163342.31162-1-stefanha@redhat.com (mailing list archive) |
---|---|
State | New, archived |
Series | softmmu/qdev-monitor: fix use-after-free in qdev_set_id() |
On 11/2/21 17:33, Stefan Hajnoczi wrote: > Reported by Coverity (CID 1465222). > > Fixes: 4a1d937796de0fecd8b22d7dbebf87f38e8282fd ("softmmu/qdev-monitor: add error handling in qdev_set_id") > Cc: Damien Hedde <damien.hedde@greensocs.com> > Cc: Kevin Wolf <kwolf@redhat.com> > Cc: Michael S. Tsirkin <mst@redhat.com> > Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com> > --- > softmmu/qdev-monitor.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/softmmu/qdev-monitor.c b/softmmu/qdev-monitor.c > index 4851de51a5..06f86a1a96 100644 > --- a/softmmu/qdev-monitor.c > +++ b/softmmu/qdev-monitor.c > @@ -581,8 +581,8 @@ const char *qdev_set_id(DeviceState *dev, char *id, Error **errp) > if (prop) { > dev->id = id; > } else { > - g_free(id); > error_setg(errp, "Duplicate device ID '%s'", id); > + g_free(id); > return NULL; > } Ouch. Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
On Tue, Nov 02, 2021 at 04:33:42PM +0000, Stefan Hajnoczi wrote: > Reported by Coverity (CID 1465222). > > Fixes: 4a1d937796de0fecd8b22d7dbebf87f38e8282fd ("softmmu/qdev-monitor: add error handling in qdev_set_id") > Cc: Damien Hedde <damien.hedde@greensocs.com> > Cc: Kevin Wolf <kwolf@redhat.com> > Cc: Michael S. Tsirkin <mst@redhat.com> > Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com> Ouch. Reviewed-by: Michael S. Tsirkin <mst@redhat.com> > --- > softmmu/qdev-monitor.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/softmmu/qdev-monitor.c b/softmmu/qdev-monitor.c > index 4851de51a5..06f86a1a96 100644 > --- a/softmmu/qdev-monitor.c > +++ b/softmmu/qdev-monitor.c > @@ -581,8 +581,8 @@ const char *qdev_set_id(DeviceState *dev, char *id, Error **errp) > if (prop) { > dev->id = id; > } else { > - g_free(id); > error_setg(errp, "Duplicate device ID '%s'", id); > + g_free(id); > return NULL; > } > } else { > -- > 2.31.1
On 02.11.2021 at 17:33, Stefan Hajnoczi wrote:
> Reported by Coverity (CID 1465222).
>
> Fixes: 4a1d937796de0fecd8b22d7dbebf87f38e8282fd ("softmmu/qdev-monitor: add error handling in qdev_set_id")
> Cc: Damien Hedde <damien.hedde@greensocs.com>
> Cc: Kevin Wolf <kwolf@redhat.com>
> Cc: Michael S. Tsirkin <mst@redhat.com>
> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Oops, this is an embarrassing one. Sorry, my fault, not Damien's.
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Cc'ing Markus On 11/2/21 17:33, Stefan Hajnoczi wrote: > Reported by Coverity (CID 1465222). > > Fixes: 4a1d937796de0fecd8b22d7dbebf87f38e8282fd ("softmmu/qdev-monitor: add error handling in qdev_set_id") > Cc: Damien Hedde <damien.hedde@greensocs.com> > Cc: Kevin Wolf <kwolf@redhat.com> > Cc: Michael S. Tsirkin <mst@redhat.com> > Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com> > --- > softmmu/qdev-monitor.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/softmmu/qdev-monitor.c b/softmmu/qdev-monitor.c > index 4851de51a5..06f86a1a96 100644 > --- a/softmmu/qdev-monitor.c > +++ b/softmmu/qdev-monitor.c > @@ -581,8 +581,8 @@ const char *qdev_set_id(DeviceState *dev, char *id, Error **errp) > if (prop) { > dev->id = id; > } else { > - g_free(id); > error_setg(errp, "Duplicate device ID '%s'", id); > + g_free(id); > return NULL; > } > } else { > Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: Damien Hedde <damien.hedde@greensocs.com>
Philippe Mathieu-Daudé <philmd@redhat.com> writes: > Cc'ing Markus > > On 11/2/21 17:33, Stefan Hajnoczi wrote: >> Reported by Coverity (CID 1465222). >> >> Fixes: 4a1d937796de0fecd8b22d7dbebf87f38e8282fd ("softmmu/qdev-monitor: add error handling in qdev_set_id") >> Cc: Damien Hedde <damien.hedde@greensocs.com> >> Cc: Kevin Wolf <kwolf@redhat.com> >> Cc: Michael S. Tsirkin <mst@redhat.com> >> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com> >> --- >> softmmu/qdev-monitor.c | 2 +- >> 1 file changed, 1 insertion(+), 1 deletion(-) >> >> diff --git a/softmmu/qdev-monitor.c b/softmmu/qdev-monitor.c >> index 4851de51a5..06f86a1a96 100644 >> --- a/softmmu/qdev-monitor.c >> +++ b/softmmu/qdev-monitor.c >> @@ -581,8 +581,8 @@ const char *qdev_set_id(DeviceState *dev, char *id, Error **errp) >> if (prop) { >> dev->id = id; >> } else { >> - g_free(id); >> error_setg(errp, "Duplicate device ID '%s'", id); >> + g_free(id); >> return NULL; >> } >> } else { >> > > Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> > Reviewed-by: Damien Hedde <damien.hedde@greensocs.com> Reviewed-by: Markus Armbruster <armbru@redhat.com>
Nominating for qemu-trivial. Markus Armbruster <armbru@redhat.com> writes: > Philippe Mathieu-Daudé <philmd@redhat.com> writes: > >> Cc'ing Markus >> >> On 11/2/21 17:33, Stefan Hajnoczi wrote: >>> Reported by Coverity (CID 1465222). >>> >>> Fixes: 4a1d937796de0fecd8b22d7dbebf87f38e8282fd ("softmmu/qdev-monitor: add error handling in qdev_set_id") >>> Cc: Damien Hedde <damien.hedde@greensocs.com> >>> Cc: Kevin Wolf <kwolf@redhat.com> >>> Cc: Michael S. Tsirkin <mst@redhat.com> >>> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com> >>> --- >>> softmmu/qdev-monitor.c | 2 +- >>> 1 file changed, 1 insertion(+), 1 deletion(-) >>> >>> diff --git a/softmmu/qdev-monitor.c b/softmmu/qdev-monitor.c >>> index 4851de51a5..06f86a1a96 100644 >>> --- a/softmmu/qdev-monitor.c >>> +++ b/softmmu/qdev-monitor.c >>> @@ -581,8 +581,8 @@ const char *qdev_set_id(DeviceState *dev, char *id, Error **errp) >>> if (prop) { >>> dev->id = id; >>> } else { >>> - g_free(id); >>> error_setg(errp, "Duplicate device ID '%s'", id); >>> + g_free(id); >>> return NULL; >>> } >>> } else { >>> >> >> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> >> Reviewed-by: Damien Hedde <damien.hedde@greensocs.com> > > Reviewed-by: Markus Armbruster <armbru@redhat.com>
On 13.11.2021 at 09:14, Markus Armbruster wrote: > Nominating for qemu-trivial. I'm sending a pull request anyway, so I'm merging it. Kevin > Markus Armbruster <armbru@redhat.com> writes: > > > Philippe Mathieu-Daudé <philmd@redhat.com> writes: > > > >> Cc'ing Markus > >> > >> On 11/2/21 17:33, Stefan Hajnoczi wrote: > >>> Reported by Coverity (CID 1465222). > >>> > >>> Fixes: 4a1d937796de0fecd8b22d7dbebf87f38e8282fd ("softmmu/qdev-monitor: add error handling in qdev_set_id") > >>> Cc: Damien Hedde <damien.hedde@greensocs.com> > >>> Cc: Kevin Wolf <kwolf@redhat.com> > >>> Cc: Michael S. Tsirkin <mst@redhat.com> > >>> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com> > >>> --- > >>> softmmu/qdev-monitor.c | 2 +- > >>> 1 file changed, 1 insertion(+), 1 deletion(-) > >>> > >>> diff --git a/softmmu/qdev-monitor.c b/softmmu/qdev-monitor.c > >>> index 4851de51a5..06f86a1a96 100644 > >>> --- a/softmmu/qdev-monitor.c > >>> +++ b/softmmu/qdev-monitor.c > >>> @@ -581,8 +581,8 @@ const char *qdev_set_id(DeviceState *dev, char *id, Error **errp) > >>> if (prop) { > >>> dev->id = id; > >>> } else { > >>> - g_free(id); > >>> error_setg(errp, "Duplicate device ID '%s'", id); > >>> + g_free(id); > >>> return NULL; > >>> } > >>> } else { > >>> > >> > >> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> > >> Reviewed-by: Damien Hedde <damien.hedde@greensocs.com> > > > > Reviewed-by: Markus Armbruster <armbru@redhat.com> >
diff --git a/softmmu/qdev-monitor.c b/softmmu/qdev-monitor.c index 4851de51a5..06f86a1a96 100644 --- a/softmmu/qdev-monitor.c +++ b/softmmu/qdev-monitor.c @@ -581,8 +581,8 @@ const char *qdev_set_id(DeviceState *dev, char *id, Error **errp) if (prop) { dev->id = id; } else { - g_free(id); error_setg(errp, "Duplicate device ID '%s'", id); + g_free(id); return NULL; } } else {
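Review bot: In the `else` branch of qdev_set_id(), nothing records that `g_free(id)` has to stay after `error_setg(errp, "Duplicate device ID '%s'", id)`, which still reads `id` to format the message; a short comment above `g_free(id)` saying that `id` is needed by the error message would make it harder for the two lines to be swapped again. The visible branches also show the function consuming the caller's `char *id` either way (stored in `dev->id` when `prop` is set, freed on the duplicate path), so if the function's comment does not already say that it takes ownership of `id`, it should, so that callers do not touch `id` after a NULL return. The commit message carries only the Coverity CID; one sentence stating that `id` was passed to error_setg() after being freed would let a reader understand the fix without looking up the report.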
Reported by Coverity (CID 1465222). Fixes: 4a1d937796de0fecd8b22d7dbebf87f38e8282fd ("softmmu/qdev-monitor: add error handling in qdev_set_id") Cc: Damien Hedde <damien.hedde@greensocs.com> Cc: Kevin Wolf <kwolf@redhat.com> Cc: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com> --- softmmu/qdev-monitor.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)