igvm: Add NULL checks for igvm_get_buffer()
authorOliver Steffen <osteffen@redhat.com>
Thu, 12 Feb 2026 15:41:14 +0000 (16:41 +0100)
committerGerd Hoffmann <kraxel@redhat.com>
Tue, 17 Feb 2026 15:02:57 +0000 (16:02 +0100)
According to the documentation we are supposed to do a null-pointer
check on the buffers returned by igvm_get_buffer() (part of the IGVM C
library).
Add these checks in the IGVM backend.

Signed-off-by: Oliver Steffen <osteffen@redhat.com>
Reviewed-by: Luigi Leonardi <leonardi@redhat.com>
Message-ID: <20260212154114.1119944-1-osteffen@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
backends/igvm.c

index b01a19ba46a1cbaa933f1a3aacd5cbd2b078f796..3b5edf15213c845132d0d4c05144a18992f1816e 100644 (file)
@@ -152,9 +152,17 @@ static int qigvm_handler(QIgvm *ctx, uint32_t type, Error **errp)
                 (int)header_handle);
             return -1;
         }
-        header_data = igvm_get_buffer(ctx->file, header_handle) +
-                      sizeof(IGVM_VHS_VARIABLE_HEADER);
-        result = handlers[handler].handler(ctx, header_data, errp);
+        header_data = igvm_get_buffer(ctx->file, header_handle);
+        if (header_data != NULL) {
+            header_data += sizeof(IGVM_VHS_VARIABLE_HEADER);
+            result = handlers[handler].handler(ctx, header_data, errp);
+        } else {
+            error_setg(errp,
+                    "IGVM: No buffer for handle %d: "
+                    "(type 0x%X)",
+                    header_handle, type);
+            result = -1;
+        }
         igvm_free_buffer(ctx->file, header_handle);
         return result;
     }
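Review bot: The new check in qigvm_handler only rules out a NULL buffer; `header_data += sizeof(IGVM_VHS_VARIABLE_HEADER)` still advances the pointer without confirming the buffer is at least that long, and the handler then parses whatever follows. An IGVM file is external input, so unless the library guarantees a minimum size for every header buffer (not visible here), a length check before the offset would be worth adding, for example comparing `igvm_get_buffer_size(ctx->file, header_handle)` with the header size. The same applies to the hunk at -778, where `platform->platform_type` is read right after the same offset. The body of qigvm_handler starts outside this hunk, so an earlier size check may already exist.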
@@ -316,6 +324,11 @@ static int qigvm_process_mem_region(QIgvm *ctx, unsigned start_index,
                 return -1;
             }
             data = igvm_get_buffer(ctx->file, data_handle);
+            if (data == NULL) {
+                error_setg(errp, "IGVM: No buffer for handle %d", data_handle);
+                igvm_free_buffer(ctx->file, data_handle);
+                return -1;
+            }
             memcpy(&region[page_index * page_size], data, data_size);
             igvm_free_buffer(ctx->file, data_handle);
         }
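Review bot: The message `"IGVM: No buffer for handle %d"` added here is repeated verbatim in qigvm_directive_vp_context and qigvm_supported_platform_compat_mask, so a log line cannot tell the three failure sites apart. Naming the data in each message would help, e.g. `"IGVM: No buffer for page data handle %d"` here. The new calls, including the one in qigvm_handler, also pass the handle to `%d` without the `(int)` cast that the existing error path at the top of the first hunk uses; if the handle type is not plain int (its declaration is not visible), keep the cast for consistency.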
@@ -426,6 +439,11 @@ static int qigvm_directive_vp_context(QIgvm *ctx, const uint8_t *header_data,
     }
 
     data = (uint8_t *)igvm_get_buffer(ctx->file, data_handle);
+    if (data == NULL) {
+        error_setg(errp, "IGVM: No buffer for handle %d", data_handle);
+        result = -1;
+        goto exit;
+    }
 
     if (ctx->machine_state->cgs) {
         result = ctx->cgsc->set_guest_state(
@@ -441,6 +459,7 @@ static int qigvm_directive_vp_context(QIgvm *ctx, const uint8_t *header_data,
         result = -1;
     }
 
+exit:
     igvm_free_buffer(ctx->file, data_handle);
     if (result < 0) {
         return result;
@@ -778,9 +797,15 @@ static int qigvm_supported_platform_compat_mask(QIgvm *ctx, Error **errp)
             }
             platform =
                 (IGVM_VHS_SUPPORTED_PLATFORM *)(igvm_get_buffer(ctx->file,
-                                                                header_handle) +
-                                                sizeof(
-                                                    IGVM_VHS_VARIABLE_HEADER));
+                                                                header_handle));
+            if (platform == NULL) {
+                error_setg(errp, "IGVM: No buffer for handle %d", header_handle);
+                igvm_free_buffer(ctx->file, header_handle);
+                return -1;
+            }
+
+            platform = (IGVM_VHS_SUPPORTED_PLATFORM *)((void *)platform
+                                        + sizeof(IGVM_VHS_VARIABLE_HEADER));
             if ((platform->platform_type == IGVM_PLATFORM_TYPE_SEV_ES) &&
                 ctx->machine_state->cgs) {
                 if (ctx->cgsc->check_support(
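Review bot: `platform` is first assigned the raw buffer pointer cast to `IGVM_VHS_SUPPORTED_PLATFORM *` and only afterwards moved past the variable header, so between the two statements its type does not match what it points to. A separate byte-pointer local for the igvm_get_buffer() result would make the NULL check and the offset read naturally and avoid the arithmetic on `void *`, which is a GNU extension: `platform = (IGVM_VHS_SUPPORTED_PLATFORM *)(buf + sizeof(IGVM_VHS_VARIABLE_HEADER));`. The declaration of that local would go at the top of the function, which is outside this hunk.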