[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] [PATCH] nbd: Initialize reply on failure
|
From: |
Eric Blake |
|
Subject: |
Re: [Qemu-devel] [PATCH] nbd: Initialize reply on failure |
|
Date: |
Fri, 19 Jul 2019 12:06:40 -0500 |
|
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.7.0 |
On 7/19/19 10:03 AM, Eric Blake wrote:
> We've had two separate reports of a caller running into use of
> uninitialized data if s->quit is set (one detected by gcc -O3, another
> by valgrind), due to checking 'nbd_reply_is_simple(reply) || s->quit'
> in the wrong order. Rather than chasing down which callers need to
> pre-initialize reply, it's easier to guarantee that reply will always
> be set by nbd_co_receive_one_chunk() even on failure.
>
I'm adding:
The bug is harmless (the only time uninitialized use is possible is if
s->quit is set, so the conditional resolves to the same branch
regardless of the contents of reply), but was introduced in commit 65e01d47.
--
Eric Blake, Principal Software Engineer
Red Hat, Inc. +1-919-301-3226
Virtualization: qemu.org | libvirt.org
signature.asc
Description: OpenPGP digital signature