From: Marc-André Lureau <[email protected]>
vfu_object_set_socket() dereferences o->socket without checking if
visit_type_SocketAddress() succeeded. On failure, o->socket remains
NULL, leading to a NULL dereference. Check the return value.
Fixes: 8f9a9259d32c ("vfio-user: define vfio-user-server object")
Reviewed-by: Jagannathan Raman <[email protected]>
Signed-off-by: Marc-André Lureau <[email protected]>
---
hw/remote/vfio-user-obj.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/hw/remote/vfio-user-obj.c b/hw/remote/vfio-user-obj.c
index 12ecdab6dea..49bf5ecae0c 100644
--- a/hw/remote/vfio-user-obj.c
+++ b/hw/remote/vfio-user-obj.c
@@ -161,7 +161,9 @@ static void vfu_object_set_socket(Object *obj, Visitor *v,
const char *name,
o->socket = NULL;
- visit_type_SocketAddress(v, name, &o->socket, errp);
+ if (!visit_type_SocketAddress(v, name, &o->socket, errp)) {
+ return;
+ }
if (o->socket->type != SOCKET_ADDRESS_TYPE_UNIX) {
error_setg(errp, "vfu: Unsupported socket type - %s",
--
2.54.0
