Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
hw/nvram/fw_cfg: fix FWCfgDataGeneratorClass::get_data() consumption
The documentation on g_byte_array_free() <https://developer.gnome.org/glib/stable/glib-Byte-Arrays.html#g-byte-array-free> says: > Returns > > the element data if free_segment is FALSE, otherwise NULL. The element > data should be freed using g_free(). Because we currently call g_byte_array_free() with free_segment=TRUE, we end up passing data=NULL to fw_cfg_add_file(). On the plus side, fw_cfg_data_read() and fw_cfg_dma_transfer() both deal with NULL data gracefully: QEMU does not crash when the guest reads such an item, the guest just gets a properly sized, but zero-filled blob. However, the bug breaks UEFI HTTPS boot, as the IANA_TLS_CIPHER array, generated otherwise correctly by the "tls-cipher-suites" object, is in effect replaced with a zero blob. Fix the issue by passing free_segment=FALSE to g_byte_array_free(): - the caller (fw_cfg_add_from_generator()) temporarily assumes ownership of the generated byte array, - then ownership of the byte array is transfered to fw_cfg, as fw_cfg_add_file() links (not copies) "data" into fw_cfg. Cc: "Daniel P. Berrangé" <berrange@redhat.com> Cc: "Philippe Mathieu-Daudé" <philmd@redhat.com> Cc: Gerd Hoffmann <kraxel@redhat.com> Fixes: 3203148 Signed-off-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Message-Id: <20200916151510.22767-1-lersek@redhat.com> Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
- Loading branch information