Add a fix for a NULL pointer dereference regression

Resolves: RHEL-113070 Signed-off-by: Maurizio Lombardi <mlombard@redhat.com>
2025-09-26 11:41:38 +02:00 · 2025-09-26 11:41:38 +02:00 · 131403e636
commit 131403e636
parent 8ab5c45567
2 changed files with 71 additions and 1 deletions
--- a/0001-tree-do-not-try-to-strdup-NULL-pointer.patch
+++ b/0001-tree-do-not-try-to-strdup-NULL-pointer.patch
@ -0,0 +1,65 @@
+From 97886cb68d238ccbbed804a275851f63e490b22f Mon Sep 17 00:00:00 2001
+From: Daniel Wagner <wagi@kernel.org>
+Date: Thu, 31 Jul 2025 11:24:15 +0200
+Subject: [PATCH] tree: do not try to strdup NULL pointer
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+blktests nvme/003 using the loop transport fails because nvme_ctrl_alloc
+tries to strdup NULL pointers (address or sysfs_dir).
+
+Introduce a 'safe' strdup version and start this version.
+
+Reported-by: Tomáš Bžatek <tbzatek@redhat.com>
+Reported-by: Yi Zhang <yi.zhang@redhat.com>
+Fixes: e64249888521 ("tree: free ctrl attributes when (re)configure ctrl")
+Signed-off-by: Daniel Wagner <wagi@kernel.org>
+---
+ src/nvme/private.h | 7 +++++++
+ src/nvme/tree.c    | 6 +++---
+ 2 files changed, 10 insertions(+), 3 deletions(-)
+
+diff --git a/src/nvme/private.h b/src/nvme/private.h
+index ac594967..f2ba299b 100644
+--- a/src/nvme/private.h
+++ b/src/nvme/private.h
+@@ -335,4 +335,11 @@ void __nvme_mi_mctp_set_ops(const struct __mi_mctp_socket_ops *newops);
+ int __nvme_import_keys_from_config(nvme_host_t h, nvme_ctrl_t c,
+ 				   long *keyring_id, long *key_id);
+ 
+static inline char *xstrdup(const char *s)
+{
+	if (!s)
+		return NULL;
+	return strdup(s);
+}
+
+ #endif /* _LIBNVME_PRIVATE_H */
+diff --git a/src/nvme/tree.c b/src/nvme/tree.c
+index 9aaaa1b5..d7970743 100644
+--- a/src/nvme/tree.c
+++ b/src/nvme/tree.c
+@@ -2073,8 +2073,8 @@ static int nvme_reconfigure_ctrl(nvme_root_t r, nvme_ctrl_t c, const char *path,
+ 	}
+ 	closedir(d);
+ 
+-	c->name = strdup(name);
+-	c->sysfs_dir = strdup(path);
+	c->name = xstrdup(name);
+	c->sysfs_dir = xstrdup(path);
+ 	c->firmware = nvme_get_ctrl_attr(c, "firmware_rev");
+ 	c->model = nvme_get_ctrl_attr(c, "model");
+ 	c->state = nvme_get_ctrl_attr(c, "state");
+@@ -2230,7 +2230,7 @@ skip_address:
+ 		return NULL;
+ 	}
+ 	FREE_CTRL_ATTR(c->address);
+-	c->address = strdup(addr);
+	c->address = xstrdup(addr);
+ 	if (s->subsystype && !strcmp(s->subsystype, "discovery"))
+ 		c->discovery_ctrl = true;
+ 	ret = nvme_reconfigure_ctrl(r, c, path, name);
+-- 
+2.47.3
+
--- a/libnvme.spec
+++ b/libnvme.spec
@ -4,11 +4,13 @@
 Name:    libnvme
 Summary: Linux-native nvme device management library
 Version: 1.15
-Release: 2%{?dist}
+Release: 3%{?dist}
 License: LGPL-2.1-or-later
 URL:     https://github.com/linux-nvme/libnvme
 Source0: %{url}/archive/v%{version_no_tilde}/%{name}-%{version_no_tilde}.tar.gz

+Patch0:  0001-tree-do-not-try-to-strdup-NULL-pointer.patch
+
 BuildRequires: gcc gcc-c++
 BuildRequires: swig
 BuildRequires: python3-devel
@ -98,6 +100,9 @@ rm -r %{buildroot}%{_pkgdocdir}/html/{.buildinfo,.doctrees/}
 %{python3_sitearch}/libnvme/*

 %changelog
+* Fri Sep 26 2025 Maurizio Lombardi <mlombard@redhat.com> - 1.15-3
+- Add a fix for a NULL pointer dereference regression
+
 * Mon Sep 08 2025 Maurizio Lombardi <mlombard@redhat.com> - 1.15-2
 - bump version because the side-tag didn't propagate