This fixes the object-add iothread crash

Signed-off-by: Alexandre Derumier <aderum...@odiso.com>
---
 .../0004-qmp-fix-object-add-assert-without-props | 65 ++++++++++++++++++++++
 debian/patches/series | 1 +
 2 files changed, 66 insertions(+)
 create mode 100644 debian/patches/extra/0004-qmp-fix-object-add-assert-without-props
diff --git a/debian/patches/extra/0004-qmp-fix-object-add-assert-without-props b/debian/patches/extra/0004-qmp-fix-object-add-assert-without-props new file mode 100644 index 0000000..bc77a20 --- /dev/null +++ b/debian/patches/extra/0004-qmp-fix-object-add-assert-without-props 
@@ -0,0 +1,65 @@ +From patchwork Thu Sep 22 20:39:25 2016 +Content-Type: text/plain; charset="utf-8" +MIME-Version: 1.0 +Content-Transfer-Encoding: 8bit +Subject: [v4,1/3] qmp: fix object-add assert() without props +From: =?utf-8?q?Marc-Andr=C3=A9_Lureau?= <marcandre.lur...@redhat.com> +X-Patchwork-Id: 9347023 +Message-Id: <20160922203927.28241-2-marcandre.lur...@redhat.com> +To: qemu-de...@nongnu.org +Cc: paolo.bonz...@gmail.com, qemu-sta...@nongnu.org, arm...@redhat.com, + =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= <marcandre.lur...@redhat.com> +Date: Fri, 23 Sep 2016 00:39:25 +0400 + +Since commit ad739706bbadee49, user_creatable_add_type() expects to be +given a qdict. However, if object-add is called without props, you reach +the assert: "qemu/qom/object_interfaces.c:115: user_creatable_add_type: +Assertion `qdict' failed.", because the qdict isn't created in this +case (it's optional). + +Furthermore, qmp_input_visitor_new() is not meant to be called without a +dict, and a further commit will assert in this situation. + +If none given, create an empty qdict in qmp to avoid the +user_creatable_add_type() assert(qdict). + +Signed-off-by: Marc-Andr?? 
Lureau <marcandre.lur...@redhat.com> +Reviewed-by: Eric Blake <ebl...@redhat.com> +Reviewed-by: Markus Armbruster <arm...@redhat.com> +--- + qmp.c | 8 ++++++-- + 1 file changed, 6 insertions(+), 2 deletions(-) + +diff --git a/qmp.c b/qmp.c +index 6733463..b6de482 100644 +--- a/qmp.c ++++ b/qmp.c +@@ -665,7 +665,7 @@ void qmp_add_client(const char *protocol, const char *fdname, + void qmp_object_add(const char *type, const char *id, + bool has_props, QObject *props, Error **errp) + { +- const QDict *pdict = NULL; ++ QDict *pdict; + Visitor *v; + Object *obj; + +@@ -675,14 +675,18 @@ void qmp_object_add(const char *type, const char *id, + error_setg(errp, QERR_INVALID_PARAMETER_TYPE, "props", "dict"); + return; + } ++ QINCREF(pdict); ++ } else { ++ pdict = qdict_new(); + } + +- v = qmp_input_visitor_new(props, true); ++ v = qmp_input_visitor_new(QOBJECT(pdict), true); + obj = user_creatable_add_type(type, id, pdict, v, errp); + visit_free(v); + if (obj) { + object_unref(obj); + } ++ QDECREF(pdict); + } + + void qmp_object_del(const char *id, Error **errp) diff --git a/debian/patches/series b/debian/patches/series index 0283083..87b7a66 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -45,6 +45,7 @@ extra/x86-lapic-Load-LAPIC-state-at-post_load.patch extra/0001-Revert-target-i386-disable-LINT0-after-reset.patch extra/0002-net-vmxnet-initialise-local-tx-descriptor.patch extra/0003-net-limit-allocation-in-nc_sendv_compat.patch +extra/0004-qmp-fix-object-add-assert-without-props extra/CVE-2016-7155-scsi-check-page-count-while-initialising-descriptor-.patch extra/CVE-2016-7156-scsi-pvscsi-avoid-infinite-loop-while-building-SG-li.patch extra/CVE-2016-7157-scsi-mptconfig-fix-an-assert-expression.patch -- 2.1.4
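Review bot: The Signed-off-by trailer inside the imported patch file reads "Marc-Andr??", while the From and Cc headers of the same file carry the name as =?utf-8?q?Marc-Andr=C3=A9_Lureau?=, so the UTF-8 was lost when the mail was saved into debian/patches/extra. Re-export the patch with the encoding intact so the attribution survives. The file is also taken from patchwork ([v4,1/3], X-Patchwork-Id: 9347023) rather than from a merged commit; a reference to the upstream commit, once one exists, would make it clear when this carried patch can be dropped.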
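Review bot: In qmp_object_add() the declaration becomes `QDict *pdict;` with no initialiser, so every later use, including qmp_input_visitor_new(QOBJECT(pdict), true) and the final QDECREF(pdict), depends on one of the two has_props branches having assigned it. The references do balance in the visible lines: the error `return;` comes before QINCREF(pdict), and the else branch owns the dict returned by qdict_new(). Keeping `= NULL` on the declaration would make an accidentally unassigned path fail predictably; since this is an upstream patch carried verbatim, that suggestion belongs upstream rather than in a local modification.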
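Review bot: The new series entry extra/0004-qmp-fix-object-add-assert-without-props has no .patch suffix, unlike the 0001 to 0003 entries directly above it and the CVE-2016-7155, CVE-2016-7156 and CVE-2016-7157 entries below, which all end in .patch. Rename the file and the series line to 0004-qmp-fix-object-add-assert-without-props.patch so the naming in debian/patches/extra stays consistent.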