qdev: Fix crash in array property getter - focaccia-qemu - Unnamed repository; edit this file 'description' to name the repository.

diff options

author	Kevin Wolf <kwolf@redhat.com>	2023-11-21 18:34:15 +0100
committer	Stefan Hajnoczi <stefanha@redhat.com>	2023-11-28 08:12:49 -0500
commit	50571883f6dad098e1eecfb717ed509451a7a476 (patch)
tree	827a8a07d3b1871cde31368385e1cd9e2a9ede82 /qapi/string-output-visitor.c
parent	e867b01cd6658a64c16052117dbb18093a2f9772 (diff)
download	focaccia-qemu-50571883f6dad098e1eecfb717ed509451a7a476.tar.gz focaccia-qemu-50571883f6dad098e1eecfb717ed509451a7a476.zip

qdev: Fix crash in array property getter

Passing an uninitialised list to visit_start_list() happens to work for
the QObject output visitor because it treats the pointer as an opaque
value and never dereferences it, but the string output visitor expects a
valid list to check if it has more than one element.

The existing code crashes with the string output visitor if the
uninitialised value is non-NULL. Passing an explicit NULL would fix the
crash, but still result in wrong output.

Rework get_prop_array() so that it conforms to the expectations that the
string output visitor has. This includes building a real list first and
using visit_next_list() to iterate it.

Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1993
Reported-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Tested-by: Dan Hoffman <dhoff749@gmail.com>
Tested-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-ID: <20231121173416.346610-2-kwolf@redhat.com>

Diffstat (limited to 'qapi/string-output-visitor.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: