author: Greg Kurz <groug@kaod.org> 2016-09-16 11:44:49 +0200
committer: Greg Kurz <groug@kaod.org> 2016-09-19 11:39:48 +0200
commit: 13fd08e631ec0c3ff5ad1bdcb6a4474c7d9a024f
tree: baea24c959a591dde9dc76c8855e42378d5d82dc /hw
parent: 557a4cc04a7cd092e8b5d6ef5a1e6799ed10b163
9pfs: fix potential segfault during walk

If the call to fid_to_qid() returns an error, we will call v9fs_path_free()
on uninitialized paths.

It is a regression introduced by the following commit:

56f101ecce0e 9pfs: handle walk of ".." in the root directory

Let's fix this by initializing dpath and path before calling fid_to_qid().

Signed-off-by: Greg Kurz <groug@kaod.org>
Reviewed-by: Cédric Le Goater <clg@kaod.org>
[groug: updated the changelog to indicate this is regression and to provide
the offending commit SHA1]
Signed-off-by: Greg Kurz <groug@kaod.org>

Diffstat (limited to 'hw')
-rw-r--r--  hw/9pfs/9p.c  5
1 files changed, 3 insertions, 2 deletions
diff --git a/hw/9pfs/9p.c b/hw/9pfs/9p.c
index 639f939302..119ee58496 100644
--- a/hw/9pfs/9p.c
+++ b/hw/9pfs/9p.c
@@ -1333,13 +1333,14 @@ static void v9fs_walk(void *opaque)
goto out_nofid;
}
+ v9fs_path_init(&dpath);
+ v9fs_path_init(&path);
+
err = fid_to_qid(pdu, fidp, &qid);
if (err < 0) {
goto out;
}
- v9fs_path_init(&dpath);
- v9fs_path_init(&path);
/*
* Both dpath and path initially poin to fidp.
* Needed to handle request with nwnames == 0
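
Review bot: The ordering constraint on the two relocated `v9fs_path_init()` calls above `fid_to_qid()` is stated nowhere in the code. According to the commit message, the `goto out` error path runs `v9fs_path_free()` on both `dpath` and `path`, so any later patch that adds a `goto out` above these calls brings the crash back. A one-line comment above the calls saying they must precede the first `goto out` would make that explicit. Initializing both paths right after their declarations would remove the constraint altogether. The `goto out_nofid` in the leading context still runs before the init calls. The `out_nofid` label is not visible in this hunk, so it is worth confirming that that path never reaches the `v9fs_path_free()` calls. As a minor style point, the context comment reads "initially poin to fidp", which could be corrected to "point" in a follow-up.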