Merge remote-tracking branch 'remotes/armbru/tags/pull-error-2020-04-04' into staging
Error reporting patches for 2020-04-04
# gpg: Signature made Sat 04 Apr 2020 13:19:40 BST
# gpg: using RSA key 354BC8B3D7EB2A6B68674E5F3870B400EB918653
# gpg: issuer "armbru@redhat.com"
# gpg: Good signature from "Markus Armbruster <armbru@redhat.com>" [full]
# gpg: aka "Markus Armbruster <armbru@pond.sub.org>" [full]
# Primary key fingerprint: 354B C8B3 D7EB 2A6B 6867 4E5F 3870 B400 EB91 8653
* remotes/armbru/tags/pull-error-2020-04-04:
qga/commands-posix: fix use after free of local_err
dump/win_dump: fix use after free of err
scripts/coccinelle: add error-use-after-free.cocci
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
diff --git a/MAINTAINERS b/MAINTAINERS
index 7cb53ec..9d156d7 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -2053,6 +2053,11 @@
F: qapi/error.json
F: util/error.c
F: util/qemu-error.c
+F: scripts/coccinelle/err-bad-newline.cocci
+F: scripts/coccinelle/error-use-after-free.cocci
+F: scripts/coccinelle/error_propagate_null.cocci
+F: scripts/coccinelle/remove_local_err.cocci
+F: scripts/coccinelle/use-error_fatal.cocci
GDB stub
M: Alex Bennée <alex.bennee@linaro.org>
diff --git a/dump/win_dump.c b/dump/win_dump.c
index eda2a48..652c7ba 100644
--- a/dump/win_dump.c
+++ b/dump/win_dump.c
@@ -304,13 +304,11 @@
struct saved_context *saved_ctx)
{
int i;
- Error *err = NULL;
for (i = 0; i < h->NumberProcessors; i++) {
if (cpu_memory_rw_debug(first_cpu, saved_ctx[i].addr,
(uint8_t *)&saved_ctx[i].ctx, sizeof(WinContext), 1)) {
- error_setg(&err, "win-dump: failed to restore CPU #%d context", i);
- warn_report_err(err);
+ warn_report("win-dump: failed to restore CPU #%d context", i);
}
}
}
diff --git a/qga/commands-posix.c b/qga/commands-posix.c
index 93474ff..cc69b82 100644
--- a/qga/commands-posix.c
+++ b/qga/commands-posix.c
@@ -1773,6 +1773,7 @@
}
error_free(local_err);
+ local_err = NULL;
if (pmutils_supports_mode(mode, &local_err)) {
mode_supported = true;
@@ -1784,6 +1785,7 @@
}
error_free(local_err);
+ local_err = NULL;
if (linux_sys_state_supports_mode(mode, &local_err)) {
mode_supported = true;
@@ -1791,6 +1793,7 @@
}
if (!mode_supported) {
+ error_free(local_err);
error_setg(errp,
"the requested suspend mode is not supported by the guest");
} else {
diff --git a/scripts/coccinelle/error-use-after-free.cocci b/scripts/coccinelle/error-use-after-free.cocci
new file mode 100644
index 0000000..72ae9fd
--- /dev/null
+++ b/scripts/coccinelle/error-use-after-free.cocci
@@ -0,0 +1,52 @@
+// Find and fix trivial use-after-free of Error objects
+//
+// Copyright (c) 2020 Virtuozzo International GmbH.
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 2 of the
+// License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see
+// <http://www.gnu.org/licenses/>.
+//
+// How to use:
+// spatch --sp-file scripts/coccinelle/error-use-after-free.cocci \
+// --macro-file scripts/cocci-macro-file.h --in-place \
+// --no-show-diff ( FILES... | --use-gitgrep . )
+
+@ exists@
+identifier fn, fn2;
+expression err;
+@@
+
+ fn(...)
+ {
+ <...
+(
+ error_free(err);
++ err = NULL;
+|
+ error_report_err(err);
++ err = NULL;
+|
+ error_reportf_err(err, ...);
++ err = NULL;
+|
+ warn_report_err(err);
++ err = NULL;
+|
+ warn_reportf_err(err, ...);
++ err = NULL;
+)
+ ... when != err = NULL
+ when != exit(...)
+ fn2(..., err, ...)
+ ...>
+ }
