You forgot to Cc the subsystem maintainers...

./scripts/get_maintainer.pl -f hw/scsi/megasas.c
Hannes Reinecke <[email protected]> (supporter:megasas)
Paolo Bonzini <[email protected]> (supporter:SCSI)
Fam Zheng <[email protected]> (reviewer:SCSI)

On 1/25/21 3:22 PM, Mauro Matteo Cascella wrote:
> Hello,
>
> Any updates on this little patch? Please find below a reproducer for
> this bug (thanks Alexander):
> https://lists.nongnu.org/archive/html/qemu-devel/2021-01/msg02567.html

"Little patch" but with security involvements ;)

As Paolo usually asks for a reproducer to be integrated with the fix,
it might save him/you time if you respin with the reproducer. You can
have a look at https://www.mail-archive.com/[email protected]/msg78982.html
for example.

That said, unrelated to your patch, but I'm not sure how useful it is
to test for bugs found by the fuzzer each time in our CI. There are
borderline cases not representing proper use. Maybe we could run them
weekly instead...

> Thank you,
>
> On Thu, Dec 24, 2020 at 6:55 PM Mauro Matteo Cascella
> <[email protected]> wrote:
>>
>> Ensure that 'cmd->frame' is not NULL before accessing the 'header' field.
>> This check prevents a potential NULL pointer dereference issue.
>>
>> RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=1910346
>> Signed-off-by: Mauro Matteo Cascella <[email protected]>
>> Reported-by: Cheolwoo Myung <[email protected]>
>> ---
>>  hw/scsi/megasas.c | 2 +-
>>  1 file changed, 1 insertion(+), 1 deletion(-)
>>
>> diff --git a/hw/scsi/megasas.c b/hw/scsi/megasas.c
>> index 1a5fc5857d..77510e120c 100644
>> --- a/hw/scsi/megasas.c
>> +++ b/hw/scsi/megasas.c
>> @@ -1893,7 +1893,7 @@ static void megasas_command_cancelled(SCSIRequest *req)
>>  {
>>      MegasasCmd *cmd = req->hba_private;
>>
>> -    if (!cmd) {
>> +    if (!cmd || !cmd->frame) {
>>          return;
>>      }
>>      cmd->frame->header.cmd_status = MFI_STAT_SCSI_IO_FAILED;
>> --
>> 2.29.2
>>
>
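Review bot: the added `!cmd->frame` test in megasas_command_cancelled() does stop the dereference of `cmd->frame->header.cmd_status` on the line that follows, but the early `return` also skips everything the function does after the visible context for a command whose frame is already gone; confirm that bailing out without completing or releasing that command is the intended behaviour, and state it in the commit message. The message should also say how `cmd->frame` ends up NULL while the request is still cancellable, since "potential NULL pointer dereference" alone does not tell a later reader which path is being closed; the reproducer linked in this thread is the natural thing to cite there, which is also what the reply above asks for.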
