hw/ppc: check if spapr_drc_index() returns NULL in spapr_nvdimm.c - bwlp/qemu.git - Experimental fork of QEMU with video encoding patches

diff options

author	Daniel Henrique Barboza	2022-04-09 22:08:56 +0200
committer	Daniel Henrique Barboza	2022-07-28 15:31:54 +0200
commit	edccf661e6205d5ffff73860ab22eaf08a611ad9 (patch)
tree	aa4480e68612129eb0e2ad12cf02e3ba24aa5af6 /tests/docker/dockerfiles/debian-armel-cross.docker
parent	Merge tag 'pull-block-2022-07-27' of https://gitlab.com/vsementsov/qemu into ... (diff)
download	qemu-edccf661e6205d5ffff73860ab22eaf08a611ad9.tar.gz qemu-edccf661e6205d5ffff73860ab22eaf08a611ad9.tar.xz qemu-edccf661e6205d5ffff73860ab22eaf08a611ad9.zip

hw/ppc: check if spapr_drc_index() returns NULL in spapr_nvdimm.c

spapr_nvdimm_flush_completion_cb() and flush_worker_cb() are using the DRC object returned by spapr_drc_index() without checking it for NULL. In this case we would be dereferencing a NULL pointer when doing SPAPR_NVDIMM(drc->dev) and PC_DIMM(drc->dev). This can happen if, during a scm_flush(), the DRC object is wrongly freed/released (e.g. a bug in another part of the code). spapr_drc_index() would then return NULL in the callbacks. Fixes: Coverity CID 1487108, 1487178 Reviewed-by: Greg Kurz <groug@kaod.org> Message-Id: <20220409200856.283076-2-danielhb413@gmail.com> Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>

Diffstat (limited to 'tests/docker/dockerfiles/debian-armel-cross.docker')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: