Hi Andreas,

On Wednesday 17 October 2012 17:00:15 Andreas Färber wrote:
> Tim,
>
> On 14.10.2012 15:08, Tim Hardeck wrote:
> > When calling QTAILQ_REMOVE or QLIST_REMOVE on an uninitialized list
> > QEMU segfaults.
>
> Can this be reproduced by a user today? Or is this just fixing the case
> that a developer forgot to initialize a list?

I am not sure but in this case it happened during an early VNC connection state failure which most likely wouldn't happen to regular users. I triggered it while working on the VNC connection part.
The issue could most likely also be fixed in the VNC connection initialization process but if these changes don't have a relevant performance impact they might prevent some other/future crashes.

Regards
Tim

>
> Regards,
> Andreas
>
> > Check for this case specifically on item removal.
> >
> > Signed-off-by: Tim Hardeck <thard...@suse.de>
> > ---
> >
> > qemu-queue.h | 8 ++++++--
> > 1 file changed, 6 insertions(+), 2 deletions(-)
> >
> > diff --git a/qemu-queue.h b/qemu-queue.h > > index 9288cd8..47ed239 100644 > > --- a/qemu-queue.h > > +++ b/qemu-queue.h > > @@ -141,7 +141,9 @@ struct { > > \> > > if ((elm)->field.le_next != NULL) \ > > > > (elm)->field.le_next->field.le_prev = \ > > > > (elm)->field.le_prev; \ > > > > - *(elm)->field.le_prev = (elm)->field.le_next; \ > > + if ((elm)->field.le_prev != NULL) { \ > > + *(elm)->field.le_prev = (elm)->field.le_next; \ > > + } \ > > > > } while (/*CONSTCOND*/0) > > > > #define QLIST_FOREACH(var, head, field) \ > > > > @@ -381,7 +383,9 @@ struct { > > \> > > (elm)->field.tqe_prev; \ > > > > else \ > > > > (head)->tqh_last = (elm)->field.tqe_prev; \ > > > > - *(elm)->field.tqe_prev = (elm)->field.tqe_next; \ > > + if ((elm)->field.tqe_prev != NULL) { \ > > + *(elm)->field.tqe_prev = (elm)->field.tqe_next; \ > > + } \ > > > > } while (/*CONSTCOND*/0) > > > > #define QTAILQ_FOREACH(var, head, field) \

--
SUSE LINUX Products GmbH, GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer, HRB 16746 (AG Nürnberg)
Maxfeldstr. 5, 90409 Nürnberg, Germany
T: +49 (0) 911 74053-0 F: +49 (0) 911 74053-483
http://www.suse.de/
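
Review bot: the `le_prev != NULL` test in the QLIST_REMOVE hunk only recognises an element whose link fields happen to be zero-filled, and it turns removal of a never-inserted element into a silent no-op. An element carrying stale non-NULL pointers still reaches `*(elm)->field.le_prev = (elm)->field.le_next;`, and nothing in the lines shown clears `le_prev` after a successful removal, so a second remove of the same element is not caught either. Please document the new contract in a comment above the macro, and consider either asserting here so the caller bug in the VNC connection setup stays visible, or setting `le_prev` to NULL at the end of the macro so the check also covers double removal.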
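
Review bot: in the QTAILQ_REMOVE hunk the new check sits after the `else` branch, so when that branch is taken for an element whose `tqe_prev` is NULL, the context line `(head)->tqh_last = (elm)->field.tqe_prev;` has already stored NULL into the head before the guarded store is skipped. The segfault is avoided at this point, but the list head is left with a NULL `tqh_last`. Move the `tqe_prev != NULL` test so that it wraps the whole body of the macro, including the `tqh_last` update, rather than only the final assignment.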