From patchwork Mon Jun 30 18:03:37 2014
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Peter Maydell <peter.maydell@linaro.org>
X-Patchwork-Id: 32790
Return-Path: <patchwork-forward+bncBC6Z756YVMIBBIONY2OQKGQEW45IUDQ@linaro.org>
X-Original-To: linaro@patches.linaro.org
Delivered-To: linaro@patches.linaro.org
Received: from mail-pa0-f70.google.com (mail-pa0-f70.google.com
 [209.85.220.70])
 by ip-10-151-82-157.ec2.internal (Postfix) with ESMTPS id 3AD26203C0
 for <linaro@patches.linaro.org>; Mon, 30 Jun 2014 18:04:18 +0000 (UTC)
Received: by mail-pa0-f70.google.com with SMTP id lj1sf45737039pab.9
 for <linaro@patches.linaro.org>; Mon, 30 Jun 2014 11:04:17 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20130820;
 h=x-gm-message-state:mime-version:delivered-to:from:to:date
 :message-id:cc:subject:precedence:list-id:list-unsubscribe
 :list-archive:list-post:list-help:list-subscribe:errors-to:sender
 :x-original-sender:x-original-authentication-results:mailing-list;
 bh=JWYSTdsWEa0t5q6c/SqoORmzoyhGYvtAC0wifP+X534=;
 b=kim4E7LZVOckET0MD7mzvZqDbmN1o49lZO6YH6paSTEgq9uuNL8BVeYrOJLoNHT9E5
 93Er2BViplgaKfx1EHqMr9LiQZIvt+yOiSm5zUALB8Iyfb95gSzdup+aYAZsV2vXRX1z
 B/dB9AD9GwNwtzcMmxaCph+pbyr3QPsn3Sl6wuxVHzDnCzRuBtL3f23nSygvc2sDUCli
 cRuwCnUlPKKYNBZW89GChhy9S2r7kROSQ4dbSolXtSrCu1sRHwMuhtyYIjFu+4+WV9PB
 dkTOPDg83GsZpOUz+VGss4UD2AaRgwlkBDujdK/SiMGIOYfhMx2NPSRtnVyjr4xuCcTE
 rJuA==
X-Gm-Message-State: ALoCoQmJWIIV+6upkKluME4z2nPK35FteljhD9JwqK4I48nlu58Gk+rpthIpiEKzLim1sbqqDGGa
X-Received: by 10.66.65.142 with SMTP id x14mr23374387pas.14.1404151457474; 
 Mon, 30 Jun 2014 11:04:17 -0700 (PDT)
MIME-Version: 1.0
X-BeenThere: patchwork-forward@linaro.org
Received: by 10.140.91.86 with SMTP id y80ls1089114qgd.0.gmail; Mon, 30 Jun
 2014 11:04:17 -0700 (PDT)
X-Received: by 10.52.231.8 with SMTP id tc8mr20631606vdc.35.1404151457348;
 Mon, 30 Jun 2014 11:04:17 -0700 (PDT)
Received: from mail-ve0-f181.google.com (mail-ve0-f181.google.com
 [209.85.128.181]) by mx.google.com with ESMTPS id
 hk8si10388539vdb.79.2014.06.30.11.04.17
 for <patchwork-forward@linaro.org>
 (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128);
 Mon, 30 Jun 2014 11:04:17 -0700 (PDT)
Received-SPF: pass (google.com: domain of
 patch+caf_=patchwork-forward=linaro.org@linaro.org designates
 209.85.128.181 as permitted sender) client-ip=209.85.128.181; 
Received: by mail-ve0-f181.google.com with SMTP id db11so8382451veb.26
 for <patchwork-forward@linaro.org>;
 Mon, 30 Jun 2014 11:04:17 -0700 (PDT)
X-Received: by 10.220.15.8 with SMTP id i8mr2207373vca.45.1404151457271;
 Mon, 30 Jun 2014 11:04:17 -0700 (PDT)
X-Forwarded-To: patchwork-forward@linaro.org
X-Forwarded-For: patch@linaro.org patchwork-forward@linaro.org
Delivered-To: patch@linaro.org
Received: by 10.221.37.5 with SMTP id tc5csp159147vcb;
 Mon, 30 Jun 2014 11:04:17 -0700 (PDT)
X-Received: by 10.224.166.73 with SMTP id l9mr62676514qay.34.1404151456853; 
 Mon, 30 Jun 2014 11:04:16 -0700 (PDT)
Received: from lists.gnu.org (lists.gnu.org. [2001:4830:134:3::11])
 by mx.google.com with ESMTPS id
 r6si26086742qar.32.2014.06.30.11.04.16 for <patch@linaro.org>
 (version=TLSv1 cipher=RC4-SHA bits=128/128);
 Mon, 30 Jun 2014 11:04:16 -0700 (PDT)
Received-SPF: pass (google.com: domain of
 qemu-devel-bounces+patch=linaro.org@nongnu.org designates
 2001:4830:134:3::11 as permitted sender)
 client-ip=2001:4830:134:3::11; 
Received: from localhost ([::1]:35966 helo=lists.gnu.org)
 by lists.gnu.org with esmtp (Exim 4.71)
 (envelope-from <qemu-devel-bounces+patch=linaro.org@nongnu.org>)
 id 1X1fw8-0003fT-Cp
 for patch@linaro.org; Mon, 30 Jun 2014 14:04:16 -0400
Received: from eggs.gnu.org ([2001:4830:134:3::10]:48091)
 by lists.gnu.org with esmtp (Exim 4.71)
 (envelope-from <pm215@archaic.org.uk>) id 1X1fve-0003Oi-A4
 for qemu-devel@nongnu.org; Mon, 30 Jun 2014 14:03:47 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
 (envelope-from <pm215@archaic.org.uk>) id 1X1fvd-0004MW-7t
 for qemu-devel@nongnu.org; Mon, 30 Jun 2014 14:03:46 -0400
Received: from mnementh.archaic.org.uk ([2001:8b0:1d0::1]:48769)
 by eggs.gnu.org with esmtp (Exim 4.71)
 (envelope-from <pm215@archaic.org.uk>) id 1X1fvd-0004MM-1X
 for qemu-devel@nongnu.org; Mon, 30 Jun 2014 14:03:45 -0400
Received: from pm215 by mnementh.archaic.org.uk with local (Exim 4.80)
 (envelope-from <pm215@archaic.org.uk>)
 id 1X1fvV-000087-L0; Mon, 30 Jun 2014 19:03:37 +0100
From: Peter Maydell <peter.maydell@linaro.org>
To: qemu-devel@nongnu.org
Date: Mon, 30 Jun 2014 19:03:37 +0100
Message-Id: <1404151417-474-1-git-send-email-peter.maydell@linaro.org>
X-Mailer: git-send-email 1.7.10.4
X-detected-operating-system: by eggs.gnu.org: Error: Malformed IPv6 address
 (bad octet value).
X-Received-From: 2001:8b0:1d0::1
Cc: Dong Xu Wang <wdongxu@linux.vnet.ibm.com>, Chunyan Liu <cyliu@suse.com>, 
 Stefan Hajnoczi <stefanha@redhat.com>
Subject: [Qemu-devel] [PATCH for-2.1] block/cow: Avoid use of uninitialized
 cow_bs in error path
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: <patchwork-forward.linaro.org>
List-Unsubscribe: <http://groups.google.com/a/linaro.org/group/patchwork-forward/subscribe>, 
 <mailto:googlegroups-manage+836684582541+unsubscribe@googlegroups.com>
List-Archive: <http://groups.google.com/a/linaro.org/group/patchwork-forward/>
List-Post: <http://groups.google.com/a/linaro.org/group/patchwork-forward/post>, 
 <mailto:patchwork-forward@linaro.org>
List-Help: <http://support.google.com/a/linaro.org/bin/topic.py?topic=25838>, 
 <mailto:patchwork-forward+help@linaro.org>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Errors-To: qemu-devel-bounces+patch=linaro.org@nongnu.org
Sender: qemu-devel-bounces+patch=linaro.org@nongnu.org
X-Removed-Original-Auth: Dkim didn't pass.
X-Original-Sender: peter.maydell@linaro.org
X-Original-Authentication-Results: mx.google.com; spf=pass (google.com:
 domain of
 patch+caf_=patchwork-forward=linaro.org@linaro.org designates
 209.85.128.181 as permitted sender)
 smtp.mail=patch+caf_=patchwork-forward=linaro.org@linaro.org
Mailing-list: list patchwork-forward@linaro.org;
 contact patchwork-forward+owners@linaro.org
X-Google-Group-Id: 836684582541

Commit 25814e8987 introduced an error-exit code path which does
a "goto exit" before the cow_bs variable is initialized, meaning
we would call bdrv_unref() on an uninitialized variable and
likely segfault. Fix this by moving the NULL-initialization
to the top of the function and making the exit code path handle
the case where it is NULL.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Eric Blake <eblake@redhat.com>
---
 block/cow.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/block/cow.c b/block/cow.c
index 8f81ee6..6ee4833 100644
--- a/block/cow.c
+++ b/block/cow.c
@@ -332,7 +332,7 @@ static int cow_create(const char *filename, QemuOpts *opts, Error **errp)
     char *image_filename = NULL;
     Error *local_err = NULL;
     int ret;
-    BlockDriverState *cow_bs;
+    BlockDriverState *cow_bs = NULL;
 
     /* Read out options */
     image_sectors = qemu_opt_get_size_del(opts, BLOCK_OPT_SIZE, 0) / 512;
@@ -344,7 +344,6 @@ static int cow_create(const char *filename, QemuOpts *opts, Error **errp)
         goto exit;
     }
 
-    cow_bs = NULL;
     ret = bdrv_open(&cow_bs, filename, NULL, NULL,
                     BDRV_O_RDWR | BDRV_O_PROTOCOL, NULL, &local_err);
     if (ret < 0) {
@@ -383,7 +382,9 @@ static int cow_create(const char *filename, QemuOpts *opts, Error **errp)
 
 exit:
     g_free(image_filename);
-    bdrv_unref(cow_bs);
+    if (cow_bs) {
+        bdrv_unref(cow_bs);
+    }
     return ret;
 }