9pfs: fix potential segfault during walk

If the call to fid_to_qid() returns an error, we will call v9fs_path_free() on uninitialized paths. It is a regression introduced by the following commit: 56f101ec 9pfs: handle walk of ".." in the root directory Let's fix this by initializing dpath and path before calling fid_to_qid(). Signed-off-by: N Greg Kurz <groug@kaod.org> Reviewed-by: N Cédric Le Goater <clg@kaod.org> [groug: updated the changelog to indicate this is regression and to provide the offending commit SHA1] Signed-off-by: N Greg Kurz <groug@kaod.org> (cherry picked from commit 13fd08e6) Signed-off-by: N Michael Roth <mdroth@linux.vnet.ibm.com>

9pfs: fix potential segfault during walk
If the call to fid_to_qid() returns an error, we will call v9fs_path_free() on uninitialized paths. It is a regression introduced by the following commit: 56f101ec 9pfs: handle walk of ".." in the root directory Let's fix this by initializing dpath and path before calling fid_to_qid(). Signed-off-by: N Greg Kurz <groug@kaod.org> Reviewed-by: N Cédric Le Goater <clg@kaod.org> [groug: updated the changelog to indicate this is regression and to provide the offending commit SHA1] Signed-off-by: N Greg Kurz <groug@kaod.org> (cherry picked from commit 13fd08e6) Signed-off-by: N Michael Roth <mdroth@linux.vnet.ibm.com>
5e2c6fe7 · Greg Kurz · Michael Roth · b9ab2f66 · 5e2c6fe7
隐藏空白更改
内联并排

Showing with 3 addition and 2 deletion

hw/9pfs/9p.c hw/9pfs/9p.c +3 -2

未找到文件。
--- a/hw/9pfs/9p.c
+++ b/hw/9pfs/9p.c
@@ -1318,13 +1318,14 @@ static void v9fs_walk(void *opaque)
        goto out_nofid;
    }
+    v9fs_path_init(&dpath);
+    v9fs_path_init(&path);
    err = fid_to_qid(pdu, fidp, &qid);
    if (err < 0) {
        goto out;
    }
-    v9fs_path_init(&dpath);
-    v9fs_path_init(&path);
    /*
     * Both dpath and path initially poin to fidp.
     * Needed to handle request with nwnames == 0