If the write operation fails and the wps is NULL, then accessing it will lead to data corruption.
Solve the issue by adding a nullptr check in get_zones_wp() where the wps is used. This issue was found by Peter Maydell using the Coverity Tool (CID 1512459). Signed-off-by: Sam Li <faithilike...@gmail.com> --- block/file-posix.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/block/file-posix.c b/block/file-posix.c index 0d9d179a35..620942bf40 100644 --- a/block/file-posix.c +++ b/block/file-posix.c @@ -1340,6 +1340,10 @@ static int get_zones_wp(BlockDriverState *bs, int fd, int64_t offset, rep_size = sizeof(struct blk_zone_report) + nrz * sizeof(struct blk_zone); g_autofree struct blk_zone_report *rep = NULL; + if (!wps) { + return -1; + } + rep = g_malloc(rep_size); blkz = (struct blk_zone *)(rep + 1); while (n < nrz) { -- 2.40.1
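Review bot: In the added `if (!wps)` guard of get_zones_wp(), the bare `return -1` loses the reason for the failure. If callers of this function treat the result as a negative errno, -1 would read as -EPERM, so a specific code such as -EINVAL would be clearer. The commit message says wps is NULL after a failed write but does not say where it is left NULL or how a caller reaches get_zones_wp() in that state. A sentence on that, or a short comment above the check, would help confirm that guarding here is sufficient and that no other user of wps needs the same check.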