diff options
| author | Greg Kurz <groug@kaod.org> | 2016-09-16 11:44:49 +0200 |
|---|---|---|
| committer | Greg Kurz <groug@kaod.org> | 2016-09-19 11:39:48 +0200 |
| commit | 13fd08e631ec0c3ff5ad1bdcb6a4474c7d9a024f (patch) | |
| tree | baea24c959a591dde9dc76c8855e42378d5d82dc /hw/9pfs | |
| parent | 557a4cc04a7cd092e8b5d6ef5a1e6799ed10b163 (diff) | |
| download | qemu-13fd08e631ec0c3ff5ad1bdcb6a4474c7d9a024f.zip | |
9pfs: fix potential segfault during walk
If the call to fid_to_qid() returns an error, we will call v9fs_path_free()
on uninitialized paths.
It is a regression introduced by the following commit:
56f101ecce0e 9pfs: handle walk of ".." in the root directory
Let's fix this by initializing dpath and path before calling fid_to_qid().
Signed-off-by: Greg Kurz <groug@kaod.org>
Reviewed-by: Cédric Le Goater <clg@kaod.org>
[groug: updated the changelog to indicate this is regression and to provide
the offending commit SHA1]
Signed-off-by: Greg Kurz <groug@kaod.org>
Diffstat (limited to 'hw/9pfs')
| -rw-r--r-- | hw/9pfs/9p.c | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/hw/9pfs/9p.c b/hw/9pfs/9p.c index 639f939302..119ee58496 100644 --- a/hw/9pfs/9p.c +++ b/hw/9pfs/9p.c @@ -1333,13 +1333,14 @@ static void v9fs_walk(void *opaque) goto out_nofid; } + v9fs_path_init(&dpath); + v9fs_path_init(&path); + err = fid_to_qid(pdu, fidp, &qid); if (err < 0) { goto out; } - v9fs_path_init(&dpath); - v9fs_path_init(&path); /* * Both dpath and path initially poin to fidp. * Needed to handle request with nwnames == 0 |