[Qemu-devel] [PATCH] 9pfs: fix NULL pointer dereference in v9fs_version

Li Qiang Mon, 26 Sep 2016 21:41:01 -0700

From: Li Qiang <liqiang...@360.cn>

In 9pfs get version dispatch function, a guest can provide a NULL
version string thus causing an NULL pointer dereference issue.
This patch fix this issue.


Signed-off-by: Li Qiang <liqiang...@360.cn>
---
 hw/9pfs/9p.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/hw/9pfs/9p.c b/hw/9pfs/9p.c
index 119ee58..dd3145c 100644
--- a/hw/9pfs/9p.c
+++ b/hw/9pfs/9p.c
@@ -955,6 +955,11 @@ static void v9fs_version(void *opaque)
         offset = err;
         goto out;
     }
+
+    if (!version.data) {
+        offset = -EINVAL;
+        goto out;
+    }
     trace_v9fs_version(pdu->tag, pdu->id, s->msize, version.data);
 
     virtfs_reset(pdu);
-- 
1.8.3.1

[Qemu-devel] [PATCH] 9pfs: fix NULL pointer dereference in v9fs_version

Reply via email to