Bug 734860 - qemu-kvm: segfault when missing host parameter for socket chardev
Summary: qemu-kvm: segfault when missing host parameter for socket chardev
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: qemu-kvm
Version: 6.2
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: rc
Target Release: ---
Assignee: Alon Levy
QA Contact: Virtualization Bugs
URL:
Whiteboard:
Depends On:
Blocks: 743047
Reported: 2011-08-31 16:20 UTC by Alon Levy
Modified: 2014-08-04 22:08 UTC (History)

Fixed In Version: qemu-kvm-0.12.1.2-2.187.el6
Doc Type: Bug Fix
Doc Text:
Cause: missing NULL check. Consequence: launching qemu-kvm with a socket chardev that is missing the host parameter crashes immediately. Fix: add a NULL check. Result: forgetting the host parameter will cause an exit with an appropriate error message.
Clone Of:
Environment:
Last Closed: 2011-12-06 15:58:44 UTC
Target Upstream Version:

Links
System ID: Red Hat Product Errata RHSA-2011:1531
Priority: normal
Status: SHIPPED_LIVE
Summary: Moderate: qemu-kvm security, bug fix, and enhancement update
Last Updated: 2011-12-06 01:23:30 UTC

Description Alon Levy 2011-08-31 16:20:24 UTC
commit d243a891612b7a938956e54e297247f0644a1a04
Author: Alon Levy <alevy@redhat.com>
Date:   Wed Aug 31 18:16:47 2011 +0300

    qemu-socket: fix segfault if no host but port specified
    
    Issuing:
     qemu-system-x86_64 -chardev socket,port=7000,id=test,server,nowait
    
    Results in a segfault because of a NULL addr. Fix by testing for
    host parameter (like the existing error message says).

diff --git a/qemu-sockets.c b/qemu-sockets.c
index 23c3def..28034b2 100644
--- a/qemu-sockets.c
+++ b/qemu-sockets.c
@@ -130,7 +130,8 @@ int inet_listen_opts(QemuOpts *opts, int port_offset)
     ai.ai_family = PF_UNSPEC;
     ai.ai_socktype = SOCK_STREAM;
 
-    if (qemu_opt_get(opts, "port") == NULL) {
+    if (qemu_opt_get(opts, "host") == NULL ||
+        qemu_opt_get(opts, "port") == NULL) {
         fprintf(stderr, "%s: host and/or port not specified\n", __FUNCTION__);
         return -1;
     }
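
Review bot: the added host test closes the NULL-address path the commit message describes, but the shared error message "host and/or port not specified" still leaves the user guessing which of the two options is missing; consider two separate checks, each naming the absent option, for example `"%s: host not specified\n"` and `"%s: port not specified\n"`. Since omitting host was previously accepted by the option check (and then crashed) and is now rejected outright, the -chardev socket documentation should state that host is required for a listening socket.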

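As an added example, not QEMU's code: a constructed parser for the -chardev option string from the description, with the host/port NULL check from the hunk performed before either value is used. `ChardevOpts`, `parse_chardev_opts`, `opt_get` and `listen_address` are assumed names standing in for QemuOpts, qemu_opt_get() and inet_listen_opts().

```c
#include <stdio.h>
#include <string.h>
#define MAX_OPTS 16

/* Constructed stand-in for QemuOpts (not QEMU's type). */
typedef struct {
    char buf[256];
    const char *key[MAX_OPTS];
    const char *val[MAX_OPTS];
    int n;
} ChardevOpts;

/* Split "socket,port=7000,id=test,server,nowait" into key/value pairs;
 * the first token is the backend name, flags like "server" get val == NULL. */
static void parse_chardev_opts(const char *optstr, ChardevOpts *o)
{
    char *tok = o->buf, *next, *eq;
    snprintf(o->buf, sizeof o->buf, "%s", optstr);
    for (o->n = 0; tok && o->n < MAX_OPTS; tok = next) {
        if ((next = strchr(tok, ',')) != NULL) *next++ = '\0';
        if ((eq = strchr(tok, '=')) != NULL) *eq++ = '\0';
        o->key[o->n] = tok;
        o->val[o->n] = eq;
        o->n++;
    }
}

/* Like qemu_opt_get(): NULL when the key is absent. In the unpatched
 * inet_listen_opts() that NULL flowed on as the listen address. */
static const char *opt_get(const ChardevOpts *o, const char *key)
{
    for (int i = 0; i < o->n; i++)
        if (strcmp(o->key[i], key) == 0) return o->val[i];
    return NULL;
}

/* The patched check: both strings are tested before either is used.
 * Returns the "host:port" listen address, or NULL after the error message. */
const char *listen_address(const char *optstr)
{
    static char addr[128];
    ChardevOpts o;
    parse_chardev_opts(optstr, &o);
    const char *host = opt_get(&o, "host"), *port = opt_get(&o, "port");
    if (host == NULL || port == NULL) {
        fprintf(stderr, "inet_listen_opts: host and/or port not specified\n");
        return NULL;
    }
    snprintf(addr, sizeof addr, "%s:%s", host, port); /* safe: both non-NULL */
    return addr;
}
```
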
Comment 2 juzhang 2011-09-01 01:53:55 UTC
Can reproduce with qemu-kvm-0.12.1.2-2.184.el6.x86_64, mark qa+

Additional info:
#0  0x00000000004b99a8 in inet_listen_opts (opts=0x22550f0, port_offset=0) at qemu-sockets.c:149
#1  0x00000000004bdaca in qemu_chr_open_socket (opts=0x22550f0) at qemu-char.c:2333
#2  0x00000000004bb8ca in qemu_chr_open_opts (opts=0x22550f0, init=0) at qemu-char.c:2649
#3  0x00000000004096fb in chardev_init_func (opts=<value optimized out>, opaque=<value optimized out>)
    at /usr/src/debug/qemu-kvm-0.12.1.2/vl.c:4584
#4  0x000000000047a28a in qemu_opts_foreach (list=<value optimized out>, func=0x4096f0 <chardev_init_func>, opaque=0x0, 
    abort_on_failure=<value optimized out>) at qemu-option.c:957
#5  0x000000000040cdc8 in main (argc=<value optimized out>, argv=<value optimized out>, envp=<value optimized out>)
    at /usr/src/debug/qemu-kvm-0.12.1.2/vl.c:5860

Comment 5 juzhang 2011-09-19 05:53:22 UTC
Verified this issue with qemu-kvm-0.12.1.2-2.190.el6.x86_64 using the steps from comment 0.

Results:
inet_listen_opts: host and/or port not specified
chardev: opening backend "socket" failed

This issue has been fixed.

Comment 7 Alon Levy 2011-11-17 17:51:14 UTC
Adding technical notes.

Comment 8 Alon Levy 2011-11-17 17:51:14 UTC
    Technical note added. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    New Contents:
Cause
    missing NULL check.
Consequence
    launching qemu-kvm with a socket chardev that is missing the host parameter crashes immediately.
Fix
    add a NULL check.
Result
    Forgetting the host parameter will cause an exit with appropriate error message.

Comment 9 errata-xmlrpc 2011-12-06 15:58:44 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHSA-2011-1531.html
