Hi,

Should be easy to fix though. Does the following help?
(Cc'ing Stefan & Kevin)

-->

xen_disk: fix possible null-ptr dereference

Signed-off-by: Gonglei <arei.gong...@huawei.com>
---
 hw/block/xen_disk.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/hw/block/xen_disk.c b/hw/block/xen_disk.c
index aed5b5b..a221d0b 100644
--- a/hw/block/xen_disk.c
+++ b/hw/block/xen_disk.c
@@ -589,6 +589,7 @@ static int blk_send_response_one(struct ioreq *ioreq)
         break;
     default:
         dst = NULL;
+        return 0;
     }
     memcpy(dst, &resp, sizeof(resp));
     blkdev->rings.common.rsp_prod_pvt++;
--
Best regards,
-Gonglei

From: qemu-devel-bounces+arei.gonglei=huawei....@nongnu.org [mailto:qemu-devel-bounces+arei.gonglei=huawei....@nongnu.org] On Behalf Of mateusz.krzywi...@windowslive.com
Sent: Saturday, July 26, 2014 6:52 PM
To: qemu-devel@nongnu.org
Subject: [Qemu-devel] Possible null-ptr dereference

Hey,

Found a little bug in latest qemu:

In function:
static int blk_send_response_one(struct ioreq *ioreq)

File: qemu\hw\block\xen_disk.c

Code:
    default:
        dst = NULL;
    }
    memcpy(dst, &resp, sizeof(resp));

Just add a simple check for dst and it will be all cool ;-)

Best regards,
Mateusz Krzywicki
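Review bot: the added `return 0;` in the default case avoids the NULL memcpy but turns an unexpected-protocol path into a silent drop: the response is never copied into the ring and `blkdev->rings.common.rsp_prod_pvt++` is skipped, so the frontend never receives a completion for that request and nothing in the log says why. If the default case is genuinely unreachable, make that explicit (an assertion or an error message on the existing error path) instead of a bare return, and drop the now-dead `dst = NULL;` assignment. The commit message should also state why 0 is the correct return value for the caller of blk_send_response_one in this case.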