You forgot to Cc the subsystem maintainers...

./scripts/get_maintainer.pl -f hw/scsi/megasas.c
Hannes Reinecke <h...@suse.com> (supporter:megasas)
Paolo Bonzini <pbonz...@redhat.com> (supporter:SCSI)
Fam Zheng <f...@euphon.net> (reviewer:SCSI)
On 1/25/21 3:22 PM, Mauro Matteo Cascella wrote:
> Hello,
>
> Any updates on this little patch? Please find below a reproducer for
> this bug (thanks Alexander):
> https://lists.nongnu.org/archive/html/qemu-devel/2021-01/msg02567.html

"Little patch" but with security involvements ;)

As Paolo usually asks for a reproducer to be integrated with the fix, it
might save him/you time if you respin with the reproducer. You can have
a look at https://www.mail-archive.com/qemu-block@nongnu.org/msg78982.html
for example.

That said, unrelated to your patch, but I'm not sure how useful it is to
test for bugs found by the fuzzer each time in our CI. There are borderline
cases not representing proper use. Maybe we could run them weekly instead...

> Thank you,
>
> On Thu, Dec 24, 2020 at 6:55 PM Mauro Matteo Cascella
> <mcasc...@redhat.com> wrote:
>>
>> Ensure that 'cmd->frame' is not NULL before accessing the 'header' field.
>> This check prevents a potential NULL pointer dereference issue.
>>
>> RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=1910346
>> Signed-off-by: Mauro Matteo Cascella <mcasc...@redhat.com>
>> Reported-by: Cheolwoo Myung <cwmy...@snu.ac.kr>
>> ---
>> hw/scsi/megasas.c | 2 +-
>> 1 file changed, 1 insertion(+), 1 deletion(-)
>>
>> diff --git a/hw/scsi/megasas.c b/hw/scsi/megasas.c
>> index 1a5fc5857d..77510e120c 100644
>> --- a/hw/scsi/megasas.c
>> +++ b/hw/scsi/megasas.c
>> @@ -1893,7 +1893,7 @@ static void megasas_command_cancelled(SCSIRequest *req)
>> {
>> MegasasCmd *cmd = req->hba_private;
>>
>> - if (!cmd) {
>> + if (!cmd || !cmd->frame) {
>> return;
>> }
>> cmd->frame->header.cmd_status = MFI_STAT_SCSI_IO_FAILED;
>> --
>> 2.29.2
>>
>
>
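Review bot: the added `!cmd->frame` test in the `megasas_command_cancelled()` hunk does stop the dereference on `cmd->frame->header.cmd_status`, but neither the hunk nor the commit message says under which condition a cancelled request can still carry an hba_private `cmd` whose `frame` is already NULL, and the message only calls the dereference "potential". Since the early return silently drops the MFI_STAT_SCSI_IO_FAILED status for that command, please state in the commit message when `frame` is NULL at cancel time (the fuzzer reproducer linked above shows the path) and add a one-line comment on the check, e.g. `/* frame already released: nothing to report */` adjusted to the actual cause, so the next reader does not mistake it for a blanket defensive test. A qtest reproducer alongside the fix, as suggested in the thread, would pin the behaviour.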