[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] [Qemu-arm] [PATCH 1/2] hw/arm/smmuv3: Fix Coverity issu
From: |
Philippe Mathieu-Daudé |
Subject: |
Re: [Qemu-devel] [Qemu-arm] [PATCH 1/2] hw/arm/smmuv3: Fix Coverity issue in smmuv3_record_event |
Date: |
Wed, 16 May 2018 13:02:03 -0300 |
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.7.0 |
On 05/16/2018 03:03 PM, Eric Auger wrote:
> Coverity complains about use of uninitialized Evt struct.
> The EVT_SET_TYPE and similar setters use deposit32() on fields
> in the struct, so they read the uninitialized existing values.
> In cases where we don't set all the fields in the event struct
> we'll end up leaking random uninitialized data from QEMU's
> stack into the guest.
>
> Initializing the struct with "Evt evt = {};" ought to satisfy
> Coverity and fix the data leak.
>
> Signed-off-by: Eric Auger <address@hidden>
> Reported-by: Peter Maydell <address@hidden>
Reviewed-by: Philippe Mathieu-Daudé <address@hidden>
> ---
> hw/arm/smmuv3.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/hw/arm/smmuv3.c b/hw/arm/smmuv3.c
> index b3026de..42dc521 100644
> --- a/hw/arm/smmuv3.c
> +++ b/hw/arm/smmuv3.c
> @@ -143,7 +143,7 @@ static MemTxResult smmuv3_write_eventq(SMMUv3State *s,
> Evt *evt)
>
> void smmuv3_record_event(SMMUv3State *s, SMMUEventInfo *info)
> {
> - Evt evt;
> + Evt evt = {};
> MemTxResult r;
>
> if (!smmuv3_eventq_enabled(s)) {
>
[Qemu-devel] [PATCH 1/2] hw/arm/smmuv3: Fix Coverity issue in smmuv3_record_event, Eric Auger, 2018/05/16
- Re: [Qemu-devel] [Qemu-arm] [PATCH 1/2] hw/arm/smmuv3: Fix Coverity issue in smmuv3_record_event,
Philippe Mathieu-Daudé <=
Re: [Qemu-devel] [PATCH 0/2] ARM SMMUv3: Fix a couple of Coverity issues, Peter Maydell, 2018/05/17