aboutsummaryrefslogtreecommitdiff
path: root/migration/qemu-file.c
diff options
context:
space:
mode:
authorCarlos López <clopez@suse.de>2023-02-10 12:25:15 +0100
committerMichael S. Tsirkin <mst@redhat.com>2023-03-02 19:13:51 -0500
commit9c1916057a8b14411116106e5a5c0c33d551cfeb (patch)
tree9d526f084b1b04dbe144887571028bf875cbd942 /migration/qemu-file.c
parente4dd39c699b7d63a06f686ec06ded8adbee989c1 (diff)
libvhost-user: check for NULL when allocating a virtqueue element
Check the return value for malloc(), avoiding a NULL pointer dereference, and propagate error in function callers. Found with GCC 13 and -fanalyzer: ../subprojects/libvhost-user/libvhost-user.c: In function ‘virtqueue_alloc_element’: ../subprojects/libvhost-user/libvhost-user.c:2556:19: error: dereference of possibly-NULL ‘elem’ [CWE-690] [-Werror=analyzer-possible-null-dereference] 2556 | elem->out_num = out_num; | ~~~~~~~~~~~~~~^~~~~~~~~ ‘virtqueue_alloc_element’: event 1 | | 2554 | assert(sz >= sizeof(VuVirtqElement)); | | ^~~~~~ | | | | | (1) following ‘true’ branch (when ‘sz > 31’)... | ‘virtqueue_alloc_element’: events 2-4 | | 2555 | elem = malloc(out_sg_end); | | ^~~~ ~~~~~~~~~~~~~~~~~~ | | | | | | | (3) this call could return NULL | | (2) ...to here | 2556 | elem->out_num = out_num; | | ~~~~~~~~~~~~~~~~~~~~~~~ | | | | | (4) ‘elem’ could be NULL: unchecked value from (3) | Signed-off-by: Carlos López <clopez@suse.de> Message-Id: <20230210112514.16858-1-clopez@suse.de> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Diffstat (limited to 'migration/qemu-file.c')
0 files changed, 0 insertions, 0 deletions