falso
/
qemu-irix
mirror of https://github.com/n64decomp/qemu-irix.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

9pfs: fix potential segfault during walk 

If the call to fid_to_qid() returns an error, we will call v9fs_path_free()
on uninitialized paths.

It is a regression introduced by the following commit:

56f101ecce 9pfs: handle walk of ".." in the root directory

Let's fix this by initializing dpath and path before calling fid_to_qid().

Signed-off-by: Greg Kurz <groug@kaod.org>
Reviewed-by: Cédric Le Goater <clg@kaod.org>
[groug: updated the changelog to indicate this is regression and to provide
        the offending commit SHA1]
Signed-off-by: Greg Kurz <groug@kaod.org>

(cherry picked from commit 13fd08e631)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
This commit is contained in:
Greg Kurz 2016-09-16 11:44:49 +02:00 committed by Michael Roth
parent b9ab2f6671
commit 5e2c6fe7cc
1 changed files with 3 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
hw/9pfs/9p.c
View File

@ -1318,13 +1318,14 @@ static void v9fs_walk(void *opaque)
goto out_nofid; goto out_nofid;
} }
v9fs_path_init(&dpath);
v9fs_path_init(&path);
err = fid_to_qid(pdu, fidp, &qid); err = fid_to_qid(pdu, fidp, &qid);
if (err < 0) { if (err < 0) {
goto out; goto out;
} }
v9fs_path_init(&dpath);
v9fs_path_init(&path);
/* /*
* Both dpath and path initially poin to fidp. * Both dpath and path initially poin to fidp.
* Needed to handle request with nwnames == 0 * Needed to handle request with nwnames == 0