On Thu, 30 May 2024 at 01:52, David Gibson <da...@gibson.dropbear.id.au> wrote: > > On Wed, May 29, 2024 at 02:07:18PM +0300, Oleg Sviridov wrote: > > Pointer, returned from function 'spapr_vio_find_by_reg', may be NULL and is > > dereferenced immediately after. > > > > Found by Linux Verification Center (linuxtesting.org) with SVACE. > > > > Signed-off-by: Oleg Sviridov <oleg.sviri...@red-soft.ru> > > --- > > hw/net/spapr_llan.c | 4 ++++ > > 1 file changed, 4 insertions(+) > > > > diff --git a/hw/net/spapr_llan.c b/hw/net/spapr_llan.c > > index ecb30b7c76..f40b733229 100644 > > --- a/hw/net/spapr_llan.c > > +++ b/hw/net/spapr_llan.c > > @@ -770,6 +770,10 @@ static target_ulong > > h_change_logical_lan_mac(PowerPCCPU *cpu, > > SpaprVioVlan *dev = VIO_SPAPR_VLAN_DEVICE(sdev); > > Hmm... I thought VIO_SPAPR_VLAN_DEVICE() was supposed to abort if sdev > was NULL or not of the right type. Or have the rules for qom helpers > changed since I wrote this.
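Review bot: test `sdev` for NULL directly, before `dev` is first used, rather than depending on how `VIO_SPAPR_VLAN_DEVICE(sdev)` treats a NULL argument; the four added lines are cut from this quote, so their placement relative to that context line cannot be confirmed here. The commit message should also name `h_change_logical_lan_mac`, the function the hunk header shows, so the affected path is clear without opening the diff.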
QOM casts abort if the type is wrong, but a NULL pointer is
passed through as a NULL pointer.

thanks
-- PMM
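The cast behaviour described in the reply above, as an added C model that is not QEMU code and not from the thread. `checked_cast`, `find_by_reg`, `change_mac`, the return codes and the device table are all hypothetical stand-ins.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Toy stand-ins for typed objects; every name here is hypothetical. */
typedef enum { TYPE_VLAN, TYPE_OTHER } ObjType;
typedef struct { ObjType type; unsigned reg; } Obj;
typedef struct { Obj parent; unsigned char mac[6]; } Vlan;

enum { RC_OK = 0, RC_BAD_PARAM = -1 };

/* Checked cast with the semantics described in the reply:
 * a wrong type aborts, a NULL pointer comes back as NULL. */
static void *checked_cast(Obj *o, ObjType want)
{
    if (o == NULL) {
        return NULL;
    }
    if (o->type != want) {
        fprintf(stderr, "checked_cast: wrong type\n");
        abort();
    }
    return o;
}

/* Constructed device table with a single registered device. */
static Vlan devices[] = { { { TYPE_VLAN, 0x1000 }, { 0 } } };

/* Lookup that returns NULL when no device has the requested reg. */
static Obj *find_by_reg(unsigned reg)
{
    for (size_t i = 0; i < sizeof(devices) / sizeof(devices[0]); i++) {
        if (devices[i].parent.reg == reg) {
            return &devices[i].parent;
        }
    }
    return NULL;
}

static int change_mac(unsigned reg, const unsigned char mac[6])
{
    Obj *o = find_by_reg(reg);
    if (o == NULL) {              /* the cast below would not stop a NULL */
        return RC_BAD_PARAM;
    }
    Vlan *dev = checked_cast(o, TYPE_VLAN);
    memcpy(dev->mac, mac, sizeof(dev->mac));
    return RC_OK;
}
```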