qemu-devel

Re: [Qemu-devel] [PATCH 0/3] Fix broken if statements


From: Joel Schopp
Subject: Re: [Qemu-devel] [PATCH 0/3] Fix broken if statements
Date: Mon, 02 Aug 2010 10:23:21 -0500
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1.11) Gecko/20100713 Thunderbird/3.0.6

> Is there some magic (= tool) which detected these "broken windows"
> in hw/loader.c, qemu-io.c and vl.c, or was it just a manual code
> review or luck?

I used a proprietary static analysis tool called BEAM (http://domino.research.ibm.com/comm/research.nsf/pages/r.da.beam.html). It found pages of potential errors, about 80% of which seem valid. Fixing the bugs with obvious fixes seems like a good way for me to learn the qemu code while providing a useful service at the same time. If anybody wants to see the output of the tool (plenty of bugs to go around), please email me off list. Some of the bugs it found, I'm thinking of out-of-bounds array accesses and returning pointers to stack variables, probably have security implications, so I'd like to not share those publicly until there are patches to fix them.
