Overview

File CVE-2019-12155-qemuu-null-pointer-dereference-while-releasing-spice-resources.patch of Package xen.14030

References: bsc#1135905

qxl: check release info object

When releasing spice resources in release_resource() routine,
if release info object 'ext.info' is null, it leads to null
pointer dereference. Add check to avoid it.

Reported-by: Bugs SysSec <bugs-syssec@rub.de>
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
Message-id: 20190425063534.32747-1-ppandit@redhat.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>

Index: xen-4.5.5-testing/tools/qemu-xen-dir-remote/hw/display/qxl.c
===================================================================
--- xen-4.5.5-testing.orig/tools/qemu-xen-dir-remote/hw/display/qxl.c
+++ xen-4.5.5-testing/tools/qemu-xen-dir-remote/hw/display/qxl.c
@@ -708,6 +708,9 @@ static void interface_release_resource(Q
     QXLReleaseRing *ring;
     uint64_t *item, id;
 
+    if (!ext.info) {
+        return;
+    }
     if (ext.group_id == MEMSLOT_GROUP_HOST) {
         /* host group -> vga mode update request */
         qemu_spice_destroy_update(&qxl->ssd, (void *)(intptr_t)ext.info->id);
openSUSE Build Service is sponsored by
Places