From patchwork Thu Aug 30 15:47:09 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Liam Merwick X-Patchwork-Id: 10582165 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 9DFAD14BD for ; Thu, 30 Aug 2018 15:51:37 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 8F3972C0B4 for ; Thu, 30 Aug 2018 15:51:37 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 8310A2C0BC; Thu, 30 Aug 2018 15:51:37 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.8 required=2.0 tests=BAYES_00,DKIM_SIGNED, MAILING_LIST_MULTI,RCVD_IN_DNSWL_HI,T_DKIM_INVALID,UNPARSEABLE_RELAY autolearn=ham version=3.3.1 Received: from lists.gnu.org (lists.gnu.org [208.118.235.17]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id 3345B2C0B4 for ; Thu, 30 Aug 2018 15:51:37 +0000 (UTC) Received: from localhost ([::1]:49580 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1fvPEO-0000KU-Dy for patchwork-qemu-devel@patchwork.kernel.org; Thu, 30 Aug 2018 11:51:36 -0400 Received: from eggs.gnu.org ([2001:4830:134:3::10]:53877) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1fvPCA-0006Y2-Tt for qemu-devel@nongnu.org; Thu, 30 Aug 2018 11:49:25 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1fvP8j-0005u3-87 for qemu-devel@nongnu.org; Thu, 30 Aug 2018 11:45:48 -0400 Received: from userp2130.oracle.com ([156.151.31.86]:53914) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1fvP8g-0005lH-2y for qemu-devel@nongnu.org; Thu, 30 Aug 2018 11:45:43 -0400 Received: from pps.filterd (userp2130.oracle.com [127.0.0.1]) by userp2130.oracle.com (8.16.0.22/8.16.0.22) with SMTP id w7UFdGs5000803 for ; Thu, 30 Aug 2018 15:45:40 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=oracle.com; h=from : to : subject : date : message-id : in-reply-to : references; s=corp-2018-07-02; bh=0905u8WgI+JpxzHiVD9d7NZj9e+qCkCdXVrEqr/vpeQ=; b=Ok2UZrAU1fjYp5scdxZfc6WdaXVw4SIDzWudcutU6g01eW4gmsAdfNNGsJxn47VdyHkf mX1mb2M03FLVDgVHsvG53maF1I1lE4hk86rA8QmCp1HPfQWmbCTb44hR4z4zHMvhw4Dk fYX8QXwyDCPry5Yn2q2vJYctoQRDZXImAkLMVHIpibM/X0EFhF2l+6JCRUBGZDXGbMSB 8jOcs5XTEfnzzeRL9GVdNmlixYhpVTHP37yekTUQYMu3yb6VHUlxpytGM3TetdPfadMx UlDtoLE3JdE9C8XySl32p8xmIC+KPThE4D2wExv47z4eeXPZrkeTeO2K5cVVwbe7dULQ Zw== Received: from aserv0022.oracle.com (aserv0022.oracle.com [141.146.126.234]) by userp2130.oracle.com with ESMTP id 2m2xhu5j5t-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK) for ; Thu, 30 Aug 2018 15:45:39 +0000 Received: from userv0122.oracle.com (userv0122.oracle.com [156.151.31.75]) by aserv0022.oracle.com (8.14.4/8.14.4) with ESMTP id w7UFjX9i014489 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK) for ; Thu, 30 Aug 2018 15:45:34 GMT Received: from abhmp0014.oracle.com (abhmp0014.oracle.com [141.146.116.20]) by userv0122.oracle.com (8.14.4/8.14.4) with ESMTP id w7UFjXkq007757 for ; Thu, 30 Aug 2018 15:45:33 GMT Received: from ol7.uk.oracle.com (/10.175.215.81) by default (Oracle Beehive Gateway v4.0) with ESMTP ; Thu, 30 Aug 2018 08:45:33 -0700 From: Liam Merwick To: qemu-devel@nongnu.org Date: Thu, 30 Aug 2018 16:47:09 +0100 Message-Id: <1535644031-848-7-git-send-email-Liam.Merwick@oracle.com> X-Mailer: git-send-email 1.8.3.1 In-Reply-To: <1535644031-848-1-git-send-email-Liam.Merwick@oracle.com> References: <1535644031-848-1-git-send-email-Liam.Merwick@oracle.com> X-Proofpoint-Virus-Version: vendor=nai engine=5900 definitions=9000 signatures=668708 X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 suspectscore=1 malwarescore=0 phishscore=0 bulkscore=0 spamscore=0 mlxscore=0 mlxlogscore=741 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1807170000 definitions=main-1808300162 X-detected-operating-system: by eggs.gnu.org: GNU/Linux 3.x [generic] X-Received-From: 156.151.31.86 Subject: [Qemu-devel] [PATCH 6/8] block: dump_qlist() may dereference a Null pointer X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+patchwork-qemu-devel=patchwork.kernel.org@nongnu.org Sender: "Qemu-devel" X-Virus-Scanned: ClamAV using ClamSMTP A NULL 'list' passed into function dump_qlist() isn't correctly validated and can be passed to qlist_first() where it is dereferenced. This could be resolved by checking if the list is NULL in dump_qlist() and returning immediately. However, the general case can be handled by adding a NULL arg check to to qlist_first() and qlist_next() and all the callers to those functions handle that cleanly. Signed-off-by: Liam Merwick Reviewed-by: Darren Kenny Reviewed-by: Mark Kanda --- include/qapi/qmp/qlist.h | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/include/qapi/qmp/qlist.h b/include/qapi/qmp/qlist.h index 8d2c32ca2863..1ec716e2eb9e 100644 --- a/include/qapi/qmp/qlist.h +++ b/include/qapi/qmp/qlist.h @@ -58,11 +58,17 @@ void qlist_destroy_obj(QObject *obj); static inline const QListEntry *qlist_first(const QList *qlist) { + if (!qlist) { + return NULL; + } return QTAILQ_FIRST(&qlist->head); } static inline const QListEntry *qlist_next(const QListEntry *entry) { + if (!entry) { + return NULL; + } return QTAILQ_NEXT(entry, next); }