qemu/hw/core
Kevin Wolf 50571883f6 qdev: Fix crash in array property getter
Passing an uninitialised list to visit_start_list() happens to work for
the QObject output visitor because it treats the pointer as an opaque
value and never dereferences it, but the string output visitor expects a
valid list to check if it has more than one element.

The existing code crashes with the string output visitor if the
uninitialised value is non-NULL. Passing an explicit NULL would fix the
crash, but still result in wrong output.

Rework get_prop_array() so that it conforms to the expectations that the
string output visitor has. This includes building a real list first and
using visit_next_list() to iterate it.

Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1993
Reported-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Tested-by: Dan Hoffman <dhoff749@gmail.com>
Tested-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-ID: <20231121173416.346610-2-kwolf@redhat.com>
2023-11-28 08:12:49 -05:00
bus.c qbus: Rename qbus_create() to qbus_new() 2021-09-30 13:44:08 +01:00
clock-vmstate.c clock-vmstate: Add missing END_OF_LIST 2022-03-02 18:12:40 +00:00
clock.c misc: fix commonly doubled up words 2022-08-01 11:58:02 +02:00
cpu-common.c cpu: Call plugin hooks only when ready 2023-11-08 15:15:23 +00:00
cpu-sysemu.c memory: follow Error API guidelines 2023-10-19 23:13:27 +02:00
fw-path-provider.c
generic-loader.c hw/other: spelling fixes 2023-09-21 11:31:16 +03:00
gpio.c hw/qdev: Rename qdev_connect_gpio_out*() 'input_pin' parameter 2021-12-31 13:21:36 +01:00
guest-loader.c Mark remaining global TypeInfo instances as const 2022-02-21 13:30:20 +00:00
guest-loader.h
hotplug-stubs.c hw/core: Restrict hotplug to system emulation 2021-11-01 19:44:11 +01:00
hotplug.c
irq.c hw/irq: Declare QOM macros using OBJECT_DECLARE_SIMPLE_TYPE() 2023-02-27 13:27:05 +00:00
Kconfig
loader-fit.c
loader.c hw/core: skip loading debug on all failures 2023-11-23 14:10:06 +00:00
machine-hmp-cmds.c qapi: Add query-memory-devices support to hv-balloon 2023-11-06 14:08:10 +01:00
machine-qmp-cmds.c hw/core: Move machine-qmp-cmds.c into the target independent source set 2023-05-16 09:14:18 +02:00
machine-smp.c CPU topology: extend with s390 specifics 2023-10-20 07:16:53 +02:00
machine.c igb: Add Function Level Reset to PF and VF 2023-11-13 15:33:37 +08:00
meson.build meson: Replace softmmu_ss -> system_ss 2023-06-20 10:01:30 +02:00
nmi.c hw/core: Improve error message when machine doesn't provide NMIs 2023-02-23 14:10:17 +01:00
null-machine.c
numa.c numa: Check for qemu_strtosz_MiB error 2023-06-02 12:29:27 -05:00
or-irq.c hw: Replace qemu_or_irq typedef by OrIRQState 2023-02-27 13:27:05 +00:00
platform-bus.c
ptimer.c replay: Extract core API to 'exec/replay-core.h' 2023-02-27 22:29:01 +01:00
qdev-clock.c Drop more useless casts from void * to pointer 2022-12-14 16:19:35 +01:00
qdev-fw.c
qdev-hotplug.c hw/core: Extract hotplug-related functions to qdev-hotplug.c 2021-11-01 19:44:11 +01:00
qdev-prop-internal.h
qdev-properties-system.c qdev: Make netdev properties work as list elements 2023-11-10 18:19:15 +01:00
qdev-properties.c qdev: Fix crash in array property getter 2023-11-28 08:12:49 -05:00
qdev.c hw/qdev: Constify DeviceState* argument of qdev_get_parent_bus() 2023-02-27 22:29:01 +01:00
register.c hw/core/register: Add more 64-bit utilities 2021-09-01 11:59:12 +10:00
reset.c reset: allow registering handlers that aren't called by snapshot loading 2022-10-27 11:34:31 +01:00
resettable.c hw/core/resettable: fix reset level counting 2022-10-27 10:27:23 +01:00
split-irq.c
stream.c
sysbus-fdt.c hw/core: Tidy up unnecessary casting away of const 2022-10-22 22:50:27 +02:00
sysbus.c bulk: Rename TARGET_FMT_plx -> HWADDR_FMT_plx 2023-01-18 11:14:34 +01:00
trace-events trace-events: remove the remaining vcpu trace events 2023-06-01 11:05:05 -04:00
trace.h
uboot_image.h hw/core: Sync uboot_image.h from U-Boot v2022.01 2022-05-24 10:38:50 +10:00
vm-change-state-handler.c qdev: Add qdev_add_vm_change_state_handler_full() 2023-09-11 08:34:05 +02:00
vmstate-if.c