packages/qemu
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!298 Automatically generate code patches with openeuler !132

Browse Source 
From: @kuhnchen18
Reviewed-by: @imxcc
Signed-off-by: @imxcc
This commit is contained in:
openeuler-ci-bot 2021-06-02 12:45:48 +08:00 committed by Gitee
commit d2e1026f00
2 changed files with 77 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

72
bugfix-fix-Uninitialized-Free-Vulnerability.patch Normal file
View File

@ -0,0 +1,72 @@
From 58fe713b575a7b24b4e4694154a16808ff4a9009 Mon Sep 17 00:00:00 2001
From: imxcc <xingchaochao@huawei.com>
Date: Tue, 1 Jun 2021 20:38:59 +0800
Subject: [PATCH] bugfix: fix Uninitialized Free Vulnerability
Signed-off-by: nocjj <1250062498@qq.com>
Signed-off-by: imxcc <xingchaochao@huawei.com>
---
hw/block/nvme.c | 27 +++++++++++++++++++++------
1 file changed, 21 insertions(+), 6 deletions(-)
diff --git a/hw/block/nvme.c b/hw/block/nvme.c
index 36d6a8bb3a..387e8b5c8f 100644
--- a/hw/block/nvme.c
+++ b/hw/block/nvme.c
@@ -216,15 +216,26 @@ static uint16_t nvme_map_prp(QEMUSGList *qsg, QEMUIOVector *iov, uint64_t prp1,
return NVME_SUCCESS;
unmap:
- qemu_sglist_destroy(qsg);
+ if (iov && iov->iov) {
+ qemu_iovec_destroy(iov);
+ }
+
+ if (qsg && qsg->sg) {
+ qemu_sglist_destroy(qsg);
+ }
+
return NVME_INVALID_FIELD | NVME_DNR;
}
static uint16_t nvme_dma_write_prp(NvmeCtrl *n, uint8_t *ptr, uint32_t len,
uint64_t prp1, uint64_t prp2)
{
- QEMUSGList qsg;
- QEMUIOVector iov;
+ QEMUSGList qsg = {
+ .sg = NULL,
+ };
+ QEMUIOVector iov = {
+ .iov = NULL,
+ };
uint16_t status = NVME_SUCCESS;
if (nvme_map_prp(&qsg, &iov, prp1, prp2, len, n)) {
@@ -247,8 +258,12 @@ static uint16_t nvme_dma_write_prp(NvmeCtrl *n, uint8_t *ptr, uint32_t len,
static uint16_t nvme_dma_read_prp(NvmeCtrl *n, uint8_t *ptr, uint32_t len,
uint64_t prp1, uint64_t prp2)
{
- QEMUSGList qsg;
- QEMUIOVector iov;
+ QEMUSGList qsg = {
+ .sg = NULL,
+ };
+ QEMUIOVector iov = {
+ .iov = NULL,
+ };
uint16_t status = NVME_SUCCESS;
trace_nvme_dma_read(prp1, prp2);
@@ -500,7 +515,7 @@ static void nvme_init_sq(NvmeSQueue *sq, NvmeCtrl *n, uint64_t dma_addr,
sq->size = size;
sq->cqid = cqid;
sq->head = sq->tail = 0;
- sq->io_req = g_new(NvmeRequest, sq->size);
+ sq->io_req = g_new0(NvmeRequest, sq->size);
QTAILQ_INIT(&sq->req_list);
QTAILQ_INIT(&sq->out_req_list);
--
2.27.0

6
qemu.spec
View File

@ -1,6 +1,6 @@
Name: qemu Name: qemu
Version: 4.1.0 Version: 4.1.0
Release: 46 Release: 47
Epoch: 2 Epoch: 2
Summary: QEMU is a generic and open source machine emulator and virtualizer Summary: QEMU is a generic and open source machine emulator and virtualizer
License: GPLv2 and BSD and MIT and CC-BY-SA-4.0 License: GPLv2 and BSD and MIT and CC-BY-SA-4.0
@ -309,6 +309,7 @@ Patch0296: nvram-add-nrf51_soc-flash-read-method.patch
Patch0297: spapr_pci-add-spapr-msi-read-method.patch Patch0297: spapr_pci-add-spapr-msi-read-method.patch
Patch0298: tz-ppc-add-dummy-read-write-methods.patch Patch0298: tz-ppc-add-dummy-read-write-methods.patch
Patch0299: imx7-ccm-add-digprog-mmio-write-method.patch Patch0299: imx7-ccm-add-digprog-mmio-write-method.patch
Patch0300: bugfix-fix-Uninitialized-Free-Vulnerability.patch
BuildRequires: flex BuildRequires: flex
BuildRequires: bison BuildRequires: bison
@ -693,6 +694,9 @@ getent passwd qemu >/dev/null || \
%endif %endif
%changelog %changelog
* Wed Jun 02 2021 Chen Qun <kuhn.chenqun@huawei.com>
- bugfix: fix Uninitialized Free Vulnerability
* Tue Jun 01 2021 Chen Qun <kuhn.chenqun@huawei.com> * Tue Jun 01 2021 Chen Qun <kuhn.chenqun@huawei.com>
- hw/pci-host: add pci-intack write method - hw/pci-host: add pci-intack write method
- pci-host: add pcie-msi read method - pci-host: add pcie-msi read method