Re: [Qemu-devel][PATCH] ppc/spapr_events: fix potential NULL pointer dereference in rtas_event_log_dequeue

Mon, 18 Nov 2019 19:20:02 -0800 

Thanks for you reply.
I think you are right, I will send a new version later.

On 2019/11/19 10:50, David Gibson wrote:
> On Mon, Nov 18, 2019 at 09:50:13AM +0800, pannengy...@huawei.com wrote:
>> From: PanNengyuan <pannengy...@huawei.com>
>>
>> source is being dereferenced before it is null checked, hence there is a
>> potential null pointer dereference.
>>
>> This fixes:
>>         360
>>     CID 68911917: (NULL_RETURNS)
>>         361. dereference: Dereferencing "source", which is known to be
>>         "NULL".
>>         361        if (source->mask & event_mask) {
>>         362            break;
>>         363        }
>>
>> Reported-by: Euler Robot <euler.ro...@huawei.com>
>> Signed-off-by: PanNengyuan <pannengy...@huawei.com>
> 
> I don't think this is the right solution.  The only events we ever
> generated are LOG_TYPE_EPOW and LOG_TYPE_HOTPLUG, so in fact source
> should never be NULL.
> 
> I think the correct way to satisfy Coverity here is to have
> rtas_event_log_to_source() do an assert(), rather than returning NULL
> for other event types.
> 
>> ---
>>  hw/ppc/spapr_events.c | 2 +-
>>  1 file changed, 1 insertion(+), 1 deletion(-)
>>
>> diff --git a/hw/ppc/spapr_events.c b/hw/ppc/spapr_events.c
>> index 0e4c195..febd2ef 100644
>> --- a/hw/ppc/spapr_events.c
>> +++ b/hw/ppc/spapr_events.c
>> @@ -358,7 +358,7 @@ static SpaprEventLogEntry 
>> *rtas_event_log_dequeue(SpaprMachineState *spapr,
>>              rtas_event_log_to_source(spapr,
>>                                       spapr_event_log_entry_type(entry));
>>  
>> -        if (source->mask & event_mask) {
>> +        if (source && (source->mask & event_mask)) {
>>              break;
>>          }
>>      }
>

Reply via email to