From: Eric Blake <eblake@redhat.com>
To: "Murilo Opsfelder Araújo" <muriloo@linux.vnet.ibm.com>,
	qemu-devel@nongnu.org
Cc: Kevin Wolf <kwolf@redhat.com>,
	qemu-ppc@nongnu.org, qemu-block@nongnu.org,
	qemu-stable <qemu-stable@nongnu.org>,
	Max Reitz <mreitz@redhat.com>,
	R Nageswara Sastry <nasastry@in.ibm.com>,
	Paolo Bonzini <pbonzini@redhat.com>
Subject: Re: [Qemu-devel] [PATCH 1/1] block/nbd: fix segmentation fault when .desc is not null-terminated
Date: Fri, 5 Jan 2018 11:08:28 -0600
Message-ID: <3dd18c73-5410-3306-2252-56afe45ff3e1@redhat.com>
In-Reply-To: <fb11ac10-0b17-b9d6-0e2a-540cac882900@linux.vnet.ibm.com>

On 01/05/2018 08:47 AM, Murilo Opsfelder Araújo wrote:

>>> This patch fixes the segmentation fault in strcmp() by adding a NULL element at
>>> the end of the nbd_runtime_opts.desc list, which is the common practice in most
>>> other structs like runtime_opts in block/null.c. Thus, the desc[i].name != NULL
>>> check becomes safe because it will not evaluate to true when the .desc list has
>>> reached its end.
>>>
>>> Reported-by: R. Nageswara Sastry <nasastry@in.ibm.com>
>>> Buglink: https://bugs.launchpad.net/qemu/+bug/1727259
>>> Signed-off-by: Murilo Opsfelder Araujo <muriloo@linux.vnet.ibm.com>
>>
>> I'll update the commit message to add in the commit id that introduced

Commit 7ccc44fd7, in 2.7.0.

>> the problem, as well as check that other QemuOptsList do not have a
>> similar problem; I'm queueing this on the NBD tree and will submit a
>> pull request soon.
>>
>> Reviewed-by: Eric Blake <eblake@redhat.com>
> 
> Hi, Eric.
> 
> A quick look brought my attention to:
> 
> block/ssh.c
> 530:static QemuOptsList ssh_runtime_opts = {
> 
> I've sent a patch to fix it too.

And my audit matches yours that there were no other culprits besides
those two.

-- 
Eric Blake, Principal Software Engineer
Red Hat, Inc.           +1-919-301-3266
Virtualization:  qemu.org | libvirt.org
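
The bug class discussed in this thread, as an added example that is not part of the original messages or of QEMU's code: a sentinel-terminated option table, an audit check that its last entry is the NULL terminator, and a bounded lookup that does not depend on it. `struct opt_desc`, the table names and the option names are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for an option descriptor; not QEMU's definition. */
struct opt_desc { const char *name; const char *help; };
#define ARRAY_LEN(a) (sizeof(a) / sizeof((a)[0]))
/* Audit check: the last element of a table must be the NULL-name sentinel. */
#define IS_TERMINATED(a) ((a)[ARRAY_LEN(a) - 1].name == NULL)

/* Constructed table with the terminating entry present. */
static const struct opt_desc good_opts[] = {
    { "host", "server address" },
    { "port", "server port" },
    { NULL, NULL }, /* end of list */
};

/* Constructed table with the terminator forgotten (the bug class). */
static const struct opt_desc bad_opts[] = {
    { "host", "server address" },
    { "port", "server port" },
};

/* Sentinel walk: only safe on tables that pass IS_TERMINATED(). */
static const struct opt_desc *find_desc(const struct opt_desc *d, const char *name)
{
    for (size_t i = 0; d[i].name != NULL; i++)
        if (strcmp(d[i].name, name) == 0)
            return &d[i];
    return NULL;
}

/* Bounded walk: reads at most n entries, so a missing sentinel is harmless. */
static const struct opt_desc *find_desc_n(const struct opt_desc *d, size_t n, const char *name)
{
    for (size_t i = 0; i < n && d[i].name != NULL; i++)
        if (strcmp(d[i].name, name) == 0)
            return &d[i];
    return NULL;
}

static int audit_good(void) { return IS_TERMINATED(good_opts); }
static int audit_bad(void)  { return IS_TERMINATED(bad_opts); }
int main(void)
{
    printf("terminated: good=%d bad=%d\n", audit_good(), audit_bad());
    printf("good has export: %d\n", find_desc(good_opts, "export") != NULL);
    printf("bad has export: %d\n", find_desc_n(bad_opts, ARRAY_LEN(bad_opts), "export") != NULL);
    return 0;
}
```

The sentinel walk is never called on `bad_opts` here, because a lookup for an absent name would read past the end of that array.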