From: Daniel P . Berrangé
Subject: Re: [Qemu-devel] [PATCH 10/14] usb-mtp: avoid warning about unaligned access to filename
Date: Fri, 29 Mar 2019 15:27:22 +0000
User-agent: Mutt/1.11.3 (2019-02-01)

On Fri, Mar 29, 2019 at 12:04:45PM +0000, Peter Maydell wrote:
> On Fri, 29 Mar 2019 at 11:22, Daniel P. Berrangé <address@hidden> wrote:
> >
> > The 'filename' field in ObjectInfo struct is declared as a
> > zero length array of uint16_t. Accessing it is equivalent
> > to taking the address of the field, and taking the address
> > of fields in a packed struct causes unaligned pointer
> > warnings:
> >
> > hw/usb/dev-mtp.c: In function ‘usb_mtp_write_metadata’:
> > hw/usb/dev-mtp.c:1712:36: warning: taking address of packed member of 
> > ‘struct <anonymous>’ may result in an unaligned pointer value 
> > [-Waddress-of-packed-member]
> >  1712 |                             dataset->filename);
> >       |                             ~~~~~~~^~~~~~~~~~
> 
> This one's come up before -- see
> http://patchwork.ozlabs.org/patch/1049654/
> and my comments on it. I think that utf16_to_str()
> should take a byte array and use the appropriate
> lduw_*_p() function to read from it, and that we
> need to think more carefully about endianness and
> about the "malicious short buffer" case.

Yeah this code is even more of a disaster than I realized. This filename
handling is probably CVE worthy.


Regards,
Daniel
-- 
|: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org         -o-            https://fstop138.berrange.com :|
|: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|
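
Added example, not part of the original message and not QEMU code: a sketch of the approach Peter describes above, where the UTF-16 string is read from a byte array through a byte-wise 16-bit load and the sender's claimed length is checked against the bytes actually received (the "malicious short buffer" case). The names load_u16_le and utf16le_decode, the little-endian byte order and the sample bytes are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-in for an lduw_le_p()-style helper: assemble a 16-bit
 * little-endian value byte by byte, so neither pointer alignment nor host
 * endianness matters. */
static uint16_t load_u16_le(const uint8_t *p)
{
    return (uint16_t)(p[0] | (p[1] << 8));
}

/* Copy up to `units` UTF-16 code units from `buf` into `out` in host order.
 * `avail` is the number of bytes actually received; `units` is the length
 * claimed by the untrusted sender. Decoding stops at a NUL code unit.
 * Returns the number of code units stored (terminator excluded), or -1 if
 * the claimed length overruns the input or `out` is too small. */
static int utf16le_decode(const uint8_t *buf, size_t avail, size_t units,
                          uint16_t *out, size_t out_len)
{
    size_t i;

    if (units > avail / 2 || units >= out_len) {
        return -1;
    }
    for (i = 0; i < units; i++) {
        uint16_t cu = load_u16_le(buf + 2 * i);
        if (cu == 0) {
            break;
        }
        out[i] = cu;
    }
    out[i] = 0;
    return (int)i;
}

/* Constructed sample: one pad byte, then "AB" + NUL in UTF-16LE, so the
 * string is read from an offset that need not be 2-byte aligned. */
static const uint8_t sample[] = { 0xff, 0x41, 0x00, 0x42, 0x00, 0x00, 0x00 };
static uint16_t sample_out[8];

int main(void)
{
    int ok = utf16le_decode(sample + 1, 6, 3, sample_out, 8);  /* honest length */
    int bad = utf16le_decode(sample + 1, 6, 4, sample_out, 8); /* claims 8 bytes, 6 received */
    printf("ok=%d bad=%d\n", ok, bad);
    return (ok == 2 && bad == -1) ? 0 : 1;
}
```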