+-- On Thu, 25 Apr 2019, P J P wrote --+
| When releasing spice resources in release_resource() routine,
| if release info object 'ext.info' is null, it leads to null
| pointer dereference. Add check to avoid it.
|
| diff --git a/hw/display/qxl.c b/hw/display/qxl.c
| index c8ce5781e0..632923add2 100644
| --- a/hw/display/qxl.c
| +++ b/hw/display/qxl.c
| @@ -777,6 +777,9 @@ static void interface_release_resource(QXLInstance *sin,
| QXLReleaseRing *ring;
| uint64_t *item, id;
|
| + if (!ext.info) {
| + return;
| + }
| if (ext.group_id == MEMSLOT_GROUP_HOST) {
| /* host group -> vga mode update request */
| QXLCommandExt *cmdext = (void *)(intptr_t)(ext.info->id);
|
Ping...!
--
Prasad J Pandit / Red Hat Product Security Team
47AF CE69 3A90 54AA 9045 1053 DD13 3D32 FE5B 041F
