On Wed, May 29, 2024 at 02:07:18PM +0300, Oleg Sviridov wrote: > Pointer, returned from function 'spapr_vio_find_by_reg', may be NULL and is > dereferenced immediately after. > > Found by Linux Verification Center (linuxtesting.org) with SVACE. > > Signed-off-by: Oleg Sviridov <[email protected]> > --- > hw/net/spapr_llan.c | 4 ++++ > 1 file changed, 4 insertions(+) > > diff --git a/hw/net/spapr_llan.c b/hw/net/spapr_llan.c > index ecb30b7c76..f40b733229 100644 > --- a/hw/net/spapr_llan.c > +++ b/hw/net/spapr_llan.c > @@ -770,6 +770,10 @@ static target_ulong h_change_logical_lan_mac(PowerPCCPU > *cpu, > SpaprVioVlan *dev = VIO_SPAPR_VLAN_DEVICE(sdev);
Hmm... I thought VIO_SPAPR_VLAN_DEVICE() was supposed to abort if sdev
was NULL or not of the right type. Or have the rules for qom helpers
changed since I wrote this.
> int i;
>
> + if (!dev) {
> + return H_PARAMETER;
> + }
> +
> for (i = 0; i < ETH_ALEN; i++) {
> dev->nicconf.macaddr.a[ETH_ALEN - i - 1] = macaddr & 0xff;
> macaddr >>= 8;
--
David Gibson | I'll have my music baroque, and my code
david AT gibson.dropbear.id.au | minimalist, thank you. NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson
signature.asc
Description: PGP signature
