From patchwork Wed Apr 6 00:14:15 2016 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steven Luo X-Patchwork-Id: 8757811 Return-Path: X-Original-To: patchwork-qemu-devel@patchwork.kernel.org Delivered-To: patchwork-parsemail@patchwork2.web.kernel.org Received: from mail.kernel.org (mail.kernel.org [198.145.29.136]) by patchwork2.web.kernel.org (Postfix) with ESMTP id BD9BEC0553 for ; Wed, 6 Apr 2016 03:13:57 +0000 (UTC) Received: from mail.kernel.org (localhost [127.0.0.1]) by mail.kernel.org (Postfix) with ESMTP id 2A4972034B for ; Wed, 6 Apr 2016 03:13:57 +0000 (UTC) Received: from lists.gnu.org (lists.gnu.org [208.118.235.17]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 8317D2034A for ; Wed, 6 Apr 2016 03:13:56 +0000 (UTC) Received: from localhost ([::1]:40512 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1andul-0008C9-Rs for patchwork-qemu-devel@patchwork.kernel.org; Tue, 05 Apr 2016 23:13:55 -0400 Received: from eggs.gnu.org ([2001:4830:134:3::10]:38290) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1anb6z-0005bd-35 for qemu-devel@nongnu.org; Tue, 05 Apr 2016 20:14:21 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1anb6v-0007Lc-TV for qemu-devel@nongnu.org; Tue, 05 Apr 2016 20:14:21 -0400 Received: from nm24-vm0.bullet.mail.ne1.yahoo.com ([98.138.90.34]:58479) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1anb6v-0007LJ-NT for qemu-devel@nongnu.org; Tue, 05 Apr 2016 20:14:17 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1459901657; bh=vIkZVpXpUEc4IYgu/E+gjCNdIIobceUc1NmF9yrF5Og=; h=From:Date:To:Cc:Subject:References:In-Reply-To:From:Subject; b=KW7fJSl7QWKntVM9kdu10xtHaZgYmxHdE2Iz92A9Iw6Js+CMg++yVRdvnIEMnXiDs3LdMPyMvgtWu5sWRhXafoJDvsT6DNTaAYtJOkmhe52gt0rcBaL6t5/fVZqsBaFnfDWhPur00XiW6rgUo5bM4NNhDTLB7WPGltxo/fDQOXADkQ1RmcPulDtlhQRUIUznziQkAx+Z2Us1jsEKsh+KUdChFqgYT0+5fhXq0wMv6kEbSWjZxkZt0T9pFmjuDYSOayEooEcYXeurf8y1JTTv+zQOIaqLMoVdjxuvNnZhPRIpZeqV5HMbfzeivewgLiEIRp8Q23QB+By0+d+tJsQtCw== Received: from [98.138.100.112] by nm24.bullet.mail.ne1.yahoo.com with NNFMP; 06 Apr 2016 00:14:17 -0000 Received: from [98.138.84.39] by tm103.bullet.mail.ne1.yahoo.com with NNFMP; 06 Apr 2016 00:14:17 -0000 Received: from [127.0.0.1] by smtp107.mail.ne1.yahoo.com with NNFMP; 06 Apr 2016 00:14:17 -0000 X-Yahoo-Newman-Id: 182250.12913.bm@smtp107.mail.ne1.yahoo.com X-Yahoo-Newman-Property: ymail-3 X-YMail-OSG: r19QuvAVM1lNucx.ae3jiIj8eJhzNkiHonK0C.t6F6VFT5l YvZVTGtOVO403EHGiL0DyQm5eQ82iuKEYRyX.enGn00VOMAWoqfSUq4jD1a3 vb3XHV2PoFFV2jyHTbdaL3TeuJ67U7xY4WukBlPYXXNiQ90Zk6ZjMtwo99Ll C2bD3Z.Xqzp4ZfNw3y.0bM5oRHBwWGSsGu27AAe7rHpqNPgLbuZ3ujJXxGnu cBs1MD8w3Psrbj8goetRjI.mSv2AW9eeoe4cEmXMLD5B9MrQBSTpgzNDB2eo cLyMmUfsbYVk8sT017OYV8TCOPHPTkSW582.sgCKaC4f61EOME8IooqEELg1 IvcltqEnDNL.v9qD6CWz.VzXhT3AHpoXfMZv03crKxyk34r1kN6n2u6olphJ 5JpV5xjcHAmcc4vV_J7OE98iKTwrzwdTLD.zTFff2DUny7c.JbH_vdUlRS.z 8sRf8Wfanlk4K1wOaFkuv2vGDj4vTPRod6a7ORkyLblYewD9tIxLMvp1cbcX qmpEf_RalmBeS.ti5OajcMqJsZxaBtsr0fW0XwY.mOb59_gl0xezHsSmEy57 2tXZmdhEdQAz.Tw-- X-Yahoo-SMTP: Y7o5YpyswBBHhc3nmZojVAb_njS6isj_ExStQZr.uIjYoAwP From: steven@steven676.net Received: from sandcity.steven676.net (fortord.int.steven676.net [192.168.0.1]) by carmel.steven676.net (Postfix) with ESMTPS id 0113D13A46; Tue, 5 Apr 2016 17:14:16 -0700 (PDT) Received: by sandcity.steven676.net (Postfix, from userid 1000) id DD12520885; Tue, 5 Apr 2016 17:14:15 -0700 (PDT) Date: Tue, 5 Apr 2016 17:14:15 -0700 To: qemu-devel@nongnu.org Message-ID: <253bf597006af610acb4ba8be07125239bc48f69.1459896208.git.steven@steven676.net> References: MIME-Version: 1.0 Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.5.23 (2014-03-12) X-detected-operating-system: by eggs.gnu.org: GNU/Linux 3.x X-Received-From: 98.138.90.34 X-Mailman-Approved-At: Tue, 05 Apr 2016 23:13:42 -0400 Cc: "Edgar E. Iglesias" , Jan Kiszka Subject: [Qemu-devel] [PATCH 1/3] slirp: don't crash when tcp_sockclosed() is called with a NULL tp X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+patchwork-qemu-devel=patchwork.kernel.org@nongnu.org Sender: qemu-devel-bounces+patchwork-qemu-devel=patchwork.kernel.org@nongnu.org X-Spam-Status: No, score=-5.8 required=5.0 tests=BAYES_00,DKIM_SIGNED, RCVD_IN_DNSWL_HI, TVD_FROM_1, T_DKIM_INVALID, UNPARSEABLE_RELAY autolearn=ham version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on mail.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP Signed-off-by: Steven Luo --- This prevents a crash that would be exposed by a later patch in this series. The removed check for non-null is clearly wrong, as it comes after the pointer has already been dereferenced in this function. slirp/tcp_subr.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/slirp/tcp_subr.c b/slirp/tcp_subr.c index dbfd2c6..32ff452 100644 --- a/slirp/tcp_subr.c +++ b/slirp/tcp_subr.c @@ -356,6 +356,10 @@ tcp_sockclosed(struct tcpcb *tp) DEBUG_CALL("tcp_sockclosed"); DEBUG_ARG("tp = %p", tp); + if (!tp) { + return; + } + switch (tp->t_state) { case TCPS_CLOSED: @@ -374,8 +378,7 @@ tcp_sockclosed(struct tcpcb *tp) tp->t_state = TCPS_LAST_ACK; break; } - if (tp) - tcp_output(tp); + tcp_output(tp); } /*