From 1e0efa9735635bf1eef18f7e4d41f8a9e720e574 Mon Sep 17 00:00:00 2001 From: Zhao Liu Date: Fri, 23 Feb 2024 16:56:50 +0800 Subject: [PATCH] hw/misc/xlnx-versal-trng: Check returned bool in trng_prop_fault_event_set() MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit As the comment in qapi/error, dereferencing @errp requires ERRP_GUARD(): * = Why, when and how to use ERRP_GUARD() = * * Without ERRP_GUARD(), use of the @errp parameter is restricted: * - It must not be dereferenced, because it may be null. ... * ERRP_GUARD() lifts these restrictions. * * To use ERRP_GUARD(), add it right at the beginning of the function. * @errp can then be used without worrying about the argument being * NULL or &error_fatal. * * Using it when it's not needed is safe, but please avoid cluttering * the source with useless code. But in trng_prop_fault_event_set, @errp is dereferenced without ERRP_GUARD(): visit_type_uint32(v, name, events, errp); if (*errp) { return; } Currently, since trng_prop_fault_event_set() doesn't get the NULL @errp parameter as a "set" method of object property, it hasn't triggered the bug that dereferencing the NULL @errp. And since visit_type_uint32() returns bool, check the returned bool directly instead of dereferencing @errp, then we needn't the add missing ERRP_GUARD(). Suggested-by: Markus Armbruster Signed-off-by: Zhao Liu Reviewed-by: Philippe Mathieu-Daudé Message-ID: <20240223085653.1255438-5-zhao1.liu@linux.intel.com> Signed-off-by: Thomas Huth --- hw/misc/xlnx-versal-trng.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/hw/misc/xlnx-versal-trng.c b/hw/misc/xlnx-versal-trng.c index b8111b8b66..6495188dc7 100644 --- a/hw/misc/xlnx-versal-trng.c +++ b/hw/misc/xlnx-versal-trng.c @@ -644,8 +644,7 @@ static void trng_prop_fault_event_set(Object *obj, Visitor *v, Property *prop = opaque; uint32_t *events = object_field_prop_ptr(obj, prop); - visit_type_uint32(v, name, events, errp); - if (*errp) { + if (!visit_type_uint32(v, name, events, errp)) { return; } -- 2.11.4.GIT