* [PATCH] softmmu/qdev-monitor: fix use-after-free in qdev_set_id()
@ 2021-11-02 16:33 Stefan Hajnoczi
  2021-11-02 16:50 ` Philippe Mathieu-Daudé
                   ` (3 more replies)
  0 siblings, 4 replies; 8+ messages in thread
From: Stefan Hajnoczi @ 2021-11-02 16:33 UTC (permalink / raw)
  To: qemu-devel
  Cc: Damien Hedde, Kevin Wolf, Daniel P. Berrangé,
	Eduardo Habkost, Michael S . Tsirkin, Stefan Hajnoczi,
	Paolo Bonzini

Reported by Coverity (CID 1465222).

Fixes: 4a1d937796de0fecd8b22d7dbebf87f38e8282fd ("softmmu/qdev-monitor: add error handling in qdev_set_id")
Cc: Damien Hedde <damien.hedde@greensocs.com>
Cc: Kevin Wolf <kwolf@redhat.com>
Cc: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
---
 softmmu/qdev-monitor.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/softmmu/qdev-monitor.c b/softmmu/qdev-monitor.c
index 4851de51a5..06f86a1a96 100644
--- a/softmmu/qdev-monitor.c
+++ b/softmmu/qdev-monitor.c
@@ -581,8 +581,8 @@ const char *qdev_set_id(DeviceState *dev, char *id, Error **errp)
         if (prop) {
             dev->id = id;
         } else {
-            g_free(id);
             error_setg(errp, "Duplicate device ID '%s'", id);
+            g_free(id);
             return NULL;
         }
     } else {
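
Review bot: in the else branch the fix relies only on statement order: error_setg() formats id through '%s', so g_free(id) has to stay after it, and nothing in the code prevents a later edit from swapping the two lines back. A short comment on the g_free(id) line saying that error_setg() still reads id would guard against that. Alternatively, take ownership into a g_autofree local at the top of the function (the local's name is up to you) and assign dev->id = g_steal_pointer(&local) in the if (prop) branch, so the error path needs no explicit free at all.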
-- 
2.31.1




* Re: [PATCH] softmmu/qdev-monitor: fix use-after-free in qdev_set_id()
  2021-11-02 16:33 [PATCH] softmmu/qdev-monitor: fix use-after-free in qdev_set_id() Stefan Hajnoczi
@ 2021-11-02 16:50 ` Philippe Mathieu-Daudé
  2021-11-02 17:07 ` Michael S. Tsirkin
                   ` (2 subsequent siblings)
  3 siblings, 0 replies; 8+ messages in thread
From: Philippe Mathieu-Daudé @ 2021-11-02 16:50 UTC (permalink / raw)
  To: Stefan Hajnoczi, qemu-devel
  Cc: Damien Hedde, Kevin Wolf, Daniel P. Berrangé,
	Eduardo Habkost, Michael S . Tsirkin, Paolo Bonzini

On 11/2/21 17:33, Stefan Hajnoczi wrote:
> Reported by Coverity (CID 1465222).
> 
> Fixes: 4a1d937796de0fecd8b22d7dbebf87f38e8282fd ("softmmu/qdev-monitor: add error handling in qdev_set_id")
> Cc: Damien Hedde <damien.hedde@greensocs.com>
> Cc: Kevin Wolf <kwolf@redhat.com>
> Cc: Michael S. Tsirkin <mst@redhat.com>
> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
> ---
>  softmmu/qdev-monitor.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/softmmu/qdev-monitor.c b/softmmu/qdev-monitor.c
> index 4851de51a5..06f86a1a96 100644
> --- a/softmmu/qdev-monitor.c
> +++ b/softmmu/qdev-monitor.c
> @@ -581,8 +581,8 @@ const char *qdev_set_id(DeviceState *dev, char *id, Error **errp)
>          if (prop) {
>              dev->id = id;
>          } else {
> -            g_free(id);
>              error_setg(errp, "Duplicate device ID '%s'", id);
> +            g_free(id);
>              return NULL;
>          }
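
Review bot: the ownership of id is undocumented: the signature in the hunk header takes a non-const char *id, and the two branches either store it in dev->id or free it before return NULL, so the function consumes the buffer on both paths. A comment on qdev_set_id() stating that it takes ownership of id, and that callers must not touch id after a NULL return, would make that contract explicit. The commit message could also spend one sentence on the defect itself (g_free(id) ran before error_setg() read id), since "Reported by Coverity (CID 1465222)" alone does not describe it.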

Ouch.

Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>




* Re: [PATCH] softmmu/qdev-monitor: fix use-after-free in qdev_set_id()
  2021-11-02 16:33 [PATCH] softmmu/qdev-monitor: fix use-after-free in qdev_set_id() Stefan Hajnoczi
  2021-11-02 16:50 ` Philippe Mathieu-Daudé
@ 2021-11-02 17:07 ` Michael S. Tsirkin
  2021-11-02 17:52 ` Kevin Wolf
  2021-11-03  9:46 ` Philippe Mathieu-Daudé
  3 siblings, 0 replies; 8+ messages in thread
From: Michael S. Tsirkin @ 2021-11-02 17:07 UTC (permalink / raw)
  To: Stefan Hajnoczi
  Cc: Damien Hedde, Kevin Wolf, Daniel P. Berrangé,
	Eduardo Habkost, qemu-devel, Paolo Bonzini

On Tue, Nov 02, 2021 at 04:33:42PM +0000, Stefan Hajnoczi wrote:
> Reported by Coverity (CID 1465222).
> 
> Fixes: 4a1d937796de0fecd8b22d7dbebf87f38e8282fd ("softmmu/qdev-monitor: add error handling in qdev_set_id")
> Cc: Damien Hedde <damien.hedde@greensocs.com>
> Cc: Kevin Wolf <kwolf@redhat.com>
> Cc: Michael S. Tsirkin <mst@redhat.com>
> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>

Ouch.

Reviewed-by: Michael S. Tsirkin <mst@redhat.com>

> ---
>  softmmu/qdev-monitor.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/softmmu/qdev-monitor.c b/softmmu/qdev-monitor.c
> index 4851de51a5..06f86a1a96 100644
> --- a/softmmu/qdev-monitor.c
> +++ b/softmmu/qdev-monitor.c
> @@ -581,8 +581,8 @@ const char *qdev_set_id(DeviceState *dev, char *id, Error **errp)
>          if (prop) {
>              dev->id = id;
>          } else {
> -            g_free(id);
>              error_setg(errp, "Duplicate device ID '%s'", id);
> +            g_free(id);
>              return NULL;
>          }
>      } else {
> -- 
> 2.31.1




* Re: [PATCH] softmmu/qdev-monitor: fix use-after-free in qdev_set_id()
  2021-11-02 16:33 [PATCH] softmmu/qdev-monitor: fix use-after-free in qdev_set_id() Stefan Hajnoczi
  2021-11-02 16:50 ` Philippe Mathieu-Daudé
  2021-11-02 17:07 ` Michael S. Tsirkin
@ 2021-11-02 17:52 ` Kevin Wolf
  2021-11-03  9:46 ` Philippe Mathieu-Daudé
  3 siblings, 0 replies; 8+ messages in thread
From: Kevin Wolf @ 2021-11-02 17:52 UTC (permalink / raw)
  To: Stefan Hajnoczi
  Cc: Damien Hedde, Daniel P. Berrangé,
	Eduardo Habkost, Michael S . Tsirkin, qemu-devel, Paolo Bonzini

On 02.11.2021 at 17:33, Stefan Hajnoczi wrote:
> Reported by Coverity (CID 1465222).
> 
> Fixes: 4a1d937796de0fecd8b22d7dbebf87f38e8282fd ("softmmu/qdev-monitor: add error handling in qdev_set_id")
> Cc: Damien Hedde <damien.hedde@greensocs.com>
> Cc: Kevin Wolf <kwolf@redhat.com>
> Cc: Michael S. Tsirkin <mst@redhat.com>
> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>

Oops, this is an embarrassing one. Sorry, my fault, not Damien's.

Reviewed-by: Kevin Wolf <kwolf@redhat.com>




* Re: [PATCH] softmmu/qdev-monitor: fix use-after-free in qdev_set_id()
  2021-11-02 16:33 [PATCH] softmmu/qdev-monitor: fix use-after-free in qdev_set_id() Stefan Hajnoczi
                   ` (2 preceding siblings ...)
  2021-11-02 17:52 ` Kevin Wolf
@ 2021-11-03  9:46 ` Philippe Mathieu-Daudé
  2021-11-03 10:01   ` Markus Armbruster
  3 siblings, 1 reply; 8+ messages in thread
From: Philippe Mathieu-Daudé @ 2021-11-03  9:46 UTC (permalink / raw)
  To: Stefan Hajnoczi, qemu-devel, Markus Armbruster
  Cc: Damien Hedde, Kevin Wolf, Daniel P. Berrangé,
	Eduardo Habkost, Michael S . Tsirkin, Paolo Bonzini

Cc'ing Markus

On 11/2/21 17:33, Stefan Hajnoczi wrote:
> Reported by Coverity (CID 1465222).
> 
> Fixes: 4a1d937796de0fecd8b22d7dbebf87f38e8282fd ("softmmu/qdev-monitor: add error handling in qdev_set_id")
> Cc: Damien Hedde <damien.hedde@greensocs.com>
> Cc: Kevin Wolf <kwolf@redhat.com>
> Cc: Michael S. Tsirkin <mst@redhat.com>
> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
> ---
>  softmmu/qdev-monitor.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/softmmu/qdev-monitor.c b/softmmu/qdev-monitor.c
> index 4851de51a5..06f86a1a96 100644
> --- a/softmmu/qdev-monitor.c
> +++ b/softmmu/qdev-monitor.c
> @@ -581,8 +581,8 @@ const char *qdev_set_id(DeviceState *dev, char *id, Error **errp)
>          if (prop) {
>              dev->id = id;
>          } else {
> -            g_free(id);
>              error_setg(errp, "Duplicate device ID '%s'", id);
> +            g_free(id);
>              return NULL;
>          }
>      } else {
> 

Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Damien Hedde <damien.hedde@greensocs.com>




* Re: [PATCH] softmmu/qdev-monitor: fix use-after-free in qdev_set_id()
  2021-11-03  9:46 ` Philippe Mathieu-Daudé
@ 2021-11-03 10:01   ` Markus Armbruster
  2021-11-13  8:14     ` Markus Armbruster
  0 siblings, 1 reply; 8+ messages in thread
From: Markus Armbruster @ 2021-11-03 10:01 UTC (permalink / raw)
  To: Philippe Mathieu-Daudé
  Cc: Damien Hedde, Kevin Wolf, Daniel P. Berrangé,
	Eduardo Habkost, Michael S . Tsirkin, qemu-devel,
	Stefan Hajnoczi, Paolo Bonzini

Philippe Mathieu-Daudé <philmd@redhat.com> writes:

> Cc'ing Markus
>
> On 11/2/21 17:33, Stefan Hajnoczi wrote:
>> Reported by Coverity (CID 1465222).
>> 
>> Fixes: 4a1d937796de0fecd8b22d7dbebf87f38e8282fd ("softmmu/qdev-monitor: add error handling in qdev_set_id")
>> Cc: Damien Hedde <damien.hedde@greensocs.com>
>> Cc: Kevin Wolf <kwolf@redhat.com>
>> Cc: Michael S. Tsirkin <mst@redhat.com>
>> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
>> ---
>>  softmmu/qdev-monitor.c | 2 +-
>>  1 file changed, 1 insertion(+), 1 deletion(-)
>> 
>> diff --git a/softmmu/qdev-monitor.c b/softmmu/qdev-monitor.c
>> index 4851de51a5..06f86a1a96 100644
>> --- a/softmmu/qdev-monitor.c
>> +++ b/softmmu/qdev-monitor.c
>> @@ -581,8 +581,8 @@ const char *qdev_set_id(DeviceState *dev, char *id, Error **errp)
>>          if (prop) {
>>              dev->id = id;
>>          } else {
>> -            g_free(id);
>>              error_setg(errp, "Duplicate device ID '%s'", id);
>> +            g_free(id);
>>              return NULL;
>>          }
>>      } else {
>> 
>
> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
> Reviewed-by: Damien Hedde <damien.hedde@greensocs.com>

Reviewed-by: Markus Armbruster <armbru@redhat.com>




* Re: [PATCH] softmmu/qdev-monitor: fix use-after-free in qdev_set_id()
  2021-11-03 10:01   ` Markus Armbruster
@ 2021-11-13  8:14     ` Markus Armbruster
  2021-11-15 14:48       ` Kevin Wolf
  0 siblings, 1 reply; 8+ messages in thread
From: Markus Armbruster @ 2021-11-13  8:14 UTC (permalink / raw)
  To: qemu-trivial
  Cc: Damien Hedde, Kevin Wolf, Daniel P. Berrangé,
	Eduardo Habkost, Michael S . Tsirkin, qemu-devel,
	Stefan Hajnoczi, Paolo Bonzini, Philippe Mathieu-Daudé

Nominating for qemu-trivial.

Markus Armbruster <armbru@redhat.com> writes:

> Philippe Mathieu-Daudé <philmd@redhat.com> writes:
>
>> Cc'ing Markus
>>
>> On 11/2/21 17:33, Stefan Hajnoczi wrote:
>>> Reported by Coverity (CID 1465222).
>>> 
>>> Fixes: 4a1d937796de0fecd8b22d7dbebf87f38e8282fd ("softmmu/qdev-monitor: add error handling in qdev_set_id")
>>> Cc: Damien Hedde <damien.hedde@greensocs.com>
>>> Cc: Kevin Wolf <kwolf@redhat.com>
>>> Cc: Michael S. Tsirkin <mst@redhat.com>
>>> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
>>> ---
>>>  softmmu/qdev-monitor.c | 2 +-
>>>  1 file changed, 1 insertion(+), 1 deletion(-)
>>> 
>>> diff --git a/softmmu/qdev-monitor.c b/softmmu/qdev-monitor.c
>>> index 4851de51a5..06f86a1a96 100644
>>> --- a/softmmu/qdev-monitor.c
>>> +++ b/softmmu/qdev-monitor.c
>>> @@ -581,8 +581,8 @@ const char *qdev_set_id(DeviceState *dev, char *id, Error **errp)
>>>          if (prop) {
>>>              dev->id = id;
>>>          } else {
>>> -            g_free(id);
>>>              error_setg(errp, "Duplicate device ID '%s'", id);
>>> +            g_free(id);
>>>              return NULL;
>>>          }
>>>      } else {
>>> 
>>
>> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
>> Reviewed-by: Damien Hedde <damien.hedde@greensocs.com>
>
> Reviewed-by: Markus Armbruster <armbru@redhat.com>




* Re: [PATCH] softmmu/qdev-monitor: fix use-after-free in qdev_set_id()
  2021-11-13  8:14     ` Markus Armbruster
@ 2021-11-15 14:48       ` Kevin Wolf
  0 siblings, 0 replies; 8+ messages in thread
From: Kevin Wolf @ 2021-11-15 14:48 UTC (permalink / raw)
  To: Markus Armbruster
  Cc: Damien Hedde, Daniel P. Berrangé,
	Eduardo Habkost, Michael S . Tsirkin, qemu-trivial, qemu-devel,
	Stefan Hajnoczi, Paolo Bonzini, Philippe Mathieu-Daudé

On 13.11.2021 at 09:14, Markus Armbruster wrote:
> Nominating for qemu-trivial.

I'm sending a pull request anyway, so I'm merging it.

Kevin

> Markus Armbruster <armbru@redhat.com> writes:
> 
> > Philippe Mathieu-Daudé <philmd@redhat.com> writes:
> >
> >> Cc'ing Markus
> >>
> >> On 11/2/21 17:33, Stefan Hajnoczi wrote:
> >>> Reported by Coverity (CID 1465222).
> >>> 
> >>> Fixes: 4a1d937796de0fecd8b22d7dbebf87f38e8282fd ("softmmu/qdev-monitor: add error handling in qdev_set_id")
> >>> Cc: Damien Hedde <damien.hedde@greensocs.com>
> >>> Cc: Kevin Wolf <kwolf@redhat.com>
> >>> Cc: Michael S. Tsirkin <mst@redhat.com>
> >>> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
> >>> ---
> >>>  softmmu/qdev-monitor.c | 2 +-
> >>>  1 file changed, 1 insertion(+), 1 deletion(-)
> >>> 
> >>> diff --git a/softmmu/qdev-monitor.c b/softmmu/qdev-monitor.c
> >>> index 4851de51a5..06f86a1a96 100644
> >>> --- a/softmmu/qdev-monitor.c
> >>> +++ b/softmmu/qdev-monitor.c
> >>> @@ -581,8 +581,8 @@ const char *qdev_set_id(DeviceState *dev, char *id, Error **errp)
> >>>          if (prop) {
> >>>              dev->id = id;
> >>>          } else {
> >>> -            g_free(id);
> >>>              error_setg(errp, "Duplicate device ID '%s'", id);
> >>> +            g_free(id);
> >>>              return NULL;
> >>>          }
> >>>      } else {
> >>> 
> >>
> >> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
> >> Reviewed-by: Damien Hedde <damien.hedde@greensocs.com>
> >
> > Reviewed-by: Markus Armbruster <armbru@redhat.com>
> 


