Tim,
Am 14.10.2012 15:08, schrieb Tim Hardeck:
> When calling QTAILQ_REMOVE or QLIST_REMOVE on an unitialized list
> QEMU segfaults.
Can this be reproduced by a user today? Or is this just fixing the case
that a developer forgot to initialize a list?
Regards,
Andreas
> Check for this case specifically on item removal.
>
> Signed-off-by: Tim Hardeck <thard...@suse.de>
> ---
> qemu-queue.h | 8 ++++++--
> 1 file changed, 6 insertions(+), 2 deletions(-)
>
> diff --git a/qemu-queue.h b/qemu-queue.h
> index 9288cd8..47ed239 100644
> --- a/qemu-queue.h
> +++ b/qemu-queue.h
> @@ -141,7 +141,9 @@ struct {
> \
> if ((elm)->field.le_next != NULL) \
> (elm)->field.le_next->field.le_prev = \
> (elm)->field.le_prev; \
> - *(elm)->field.le_prev = (elm)->field.le_next; \
> + if ((elm)->field.le_prev != NULL) { \
> + *(elm)->field.le_prev = (elm)->field.le_next; \
> + } \
> } while (/*CONSTCOND*/0)
>
> #define QLIST_FOREACH(var, head, field) \
> @@ -381,7 +383,9 @@ struct {
> \
> (elm)->field.tqe_prev; \
> else \
> (head)->tqh_last = (elm)->field.tqe_prev; \
> - *(elm)->field.tqe_prev = (elm)->field.tqe_next; \
> + if ((elm)->field.tqe_prev != NULL) { \
> + *(elm)->field.tqe_prev = (elm)->field.tqe_next; \
> + } \
> } while (/*CONSTCOND*/0)
>
> #define QTAILQ_FOREACH(var, head, field) \
--
SUSE LINUX Products GmbH, Maxfeldstr. 5, 90409 Nürnberg, Germany
GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer; HRB 16746 AG Nürnberg
