Igor, Paolo, you showed me the error in v2. Could you have a look at
this revision?
Markus Armbruster <arm...@redhat.com> writes:
> The Error ** argument must be NULL, &error_abort, &error_fatal, or a
> pointer to a variable containing NULL. Passing an argument of the
> latter kind twice without clearing it in between is wrong: if the
> first call sets an error, it no longer points to NULL for the second
> call.
>
> x86_cpu_new() is wrong that way: it passes &local_err to
> object_property_set_uint() without checking it, and then to
> qdev_realize(). If both fail, we'll trip error_setv()'s assertion.
> To assess the bug's impact, we'd need to figure out how to make both
> calls fail. Too much work for ignorant me, sorry.
>
> Fix by checking for failure right away.
>
> Cc: Igor Mammedov <imamm...@redhat.com>
> Cc: Paolo Bonzini <pbonz...@redhat.com>
> Cc: Richard Henderson <r...@twiddle.net>
> Cc: Eduardo Habkost <ehabk...@redhat.com>
> Signed-off-by: Markus Armbruster <arm...@redhat.com>
> ---
> hw/i386/x86.c | 8 +++++---
> 1 file changed, 5 insertions(+), 3 deletions(-)
>
> diff --git a/hw/i386/x86.c b/hw/i386/x86.c
> index 34229b45c7..93f7371a56 100644
> --- a/hw/i386/x86.c
> +++ b/hw/i386/x86.c
> @@ -118,14 +118,16 @@ uint32_t x86_cpu_apic_id_from_index(X86MachineState
> *x86ms,
>
> void x86_cpu_new(X86MachineState *x86ms, int64_t apic_id, Error **errp)
> {
> - Object *cpu = NULL;
> Error *local_err = NULL;
> -
> - cpu = object_new(MACHINE(x86ms)->cpu_type);
> + Object *cpu = object_new(MACHINE(x86ms)->cpu_type);
>
> object_property_set_uint(cpu, apic_id, "apic-id", &local_err);
> + if (local_err) {
> + goto out;
> + }
> qdev_realize(DEVICE(cpu), NULL, &local_err);
>
> +out:
> object_unref(cpu);
> error_propagate(errp, local_err);
> }
