From: Jan Kiszka
Date: Fri, 17 Apr 2009 09:00:58 +0200
Message-ID: <49E8292A.8080900@web.de>
References: <1239944809-14327-1-git-send-email-zamsden@redhat.com>
In-Reply-To: <1239944809-14327-1-git-send-email-zamsden@redhat.com>
Subject: [Qemu-devel] Re: [PATCH] Fix changing password using monitor over VNC.
To: qemu-devel@nongnu.org
Cc: Zachary Amsden

Zachary Amsden wrote:
> A simple segfault turned out to be a relatively complex fix.
>
> The monitor calls back to main_loop_wait() to wait for the completion
> of the password change event; this results in a nested invocation of

This is no longer true with trunk as this nasty blocking password reading
has been converted into an async operation. Is your patch required
nevertheless? Or is this band-aid for stable?

> the associated I/O handlers. For stdio monitor, this is okay, but VNC
> maintains an input buffer which is not flushed until after the
> invocation of protocol actions. This is non-reentrant; the result is
> that the nested invocation consumes the same protocol event as the
> parent (which was a '\n', setting a NULL password), and it gets worse
> when both the child and the parent attempt to shift in the same input
> event, resulting in a memmove of size -1ULL, and a segfault.
>
> The fix is to consume the input buffer before invoking protocol actions
> which may cause nested invocation of the handler; we must also set up
> the child handler to receive new events, which was cleanest done with
> vnc_read_when() from the protocol handler (doing it in the outer loop
> causes bugs with other types of waits, such as auth). We return fed=1
> from the outer handler to prevent the logic in vnc_client_read from
> reconsuming the pre-consumed buffer, and simply reset the expect
> value to receive the next protocol command.
>
> Signed-off-by: Zachary Amsden
> ---

Jan
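The double consumption and the negative-size shift described in the quoted commit message, as an added example that is not part of this mail or of QEMU's vnc.c: a constructed model of a VNC-style input buffer whose protocol action re-enters the read handler, run once with the buggy ordering (act, then shift the buffer) and once with the fix (shift the buffer, then act). All names (`struct client`, `client_read`, `protocol_action`, `shift_consumed`, `run_scenario`) and the single `'\n'` input are hypothetical. Instead of letting `memmove` run with a size that wrapped to -1ULL, the model records the underflow so the run completes.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 64

/* Constructed model of a VNC-style client input buffer; hypothetical,
 * not QEMU's vnc.c. One protocol step consumes `expect` bytes. */
struct client {
    unsigned char buf[BUF_SIZE];
    size_t len;         /* bytes buffered and not yet consumed */
    size_t expect;      /* bytes the current protocol step needs */
    int consume_first;  /* 1: shift before acting (fix); 0: after (bug) */
    int nesting;        /* handler nesting depth */
    int dispatched;     /* how often the protocol action ran */
    int underflow;      /* set when a shift would use len - expect < 0 */
};

static void client_read(struct client *c, const unsigned char *data, size_t n);

/* The protocol action for a command byte. Like the monitor's password
 * prompt calling main_loop_wait(), it re-enters the read handler once. */
static void protocol_action(struct client *c, unsigned char cmd)
{
    (void)cmd;
    c->dispatched++;
    if (c->nesting == 1) {
        client_read(c, NULL, 0);   /* nested invocation, no new input */
    }
}

/* Drop the bytes the current step consumed. Instead of calling memmove
 * with (size_t)(len - expect) wrapped to -1ULL, record the underflow. */
static int shift_consumed(struct client *c)
{
    if (c->len < c->expect) {
        c->underflow = 1;
        return 0;
    }
    memmove(c->buf, c->buf + c->expect, c->len - c->expect);
    c->len -= c->expect;
    return 1;
}

static void client_read(struct client *c, const unsigned char *data, size_t n)
{
    if (data != NULL && c->len + n <= BUF_SIZE) {
        memcpy(c->buf + c->len, data, n);
        c->len += n;
    }
    c->nesting++;
    while (c->expect > 0 && c->len >= c->expect) {
        unsigned char cmd = c->buf[0];
        if (c->consume_first) {
            /* fix: the buffer is empty before any nested read can run */
            shift_consumed(c);
            protocol_action(c, cmd);
        } else {
            /* bug: the nested read sees and consumes the same byte,
             * then the parent tries to shift a buffer already emptied */
            protocol_action(c, cmd);
            if (!shift_consumed(c)) {
                break;
            }
        }
    }
    c->nesting--;
}

/* Feed one '\n' (an empty password line; constructed input) to a fresh
 * client with the chosen ordering and return its final state. */
static struct client run_scenario(int consume_first)
{
    struct client c;
    memset(&c, 0, sizeof c);
    c.expect = 1;
    c.consume_first = consume_first;
    client_read(&c, (const unsigned char *)"\n", 1);
    return c;
}

int main(void)
{
    struct client bug = run_scenario(0);
    struct client fix = run_scenario(1);
    printf("act then consume: dispatched=%d underflow=%d\n",
           bug.dispatched, bug.underflow);
    printf("consume then act: dispatched=%d underflow=%d\n",
           fix.dispatched, fix.underflow);
    return 0;
}
```

With the buggy ordering the single newline is dispatched twice and the parent's shift underflows; with the buffer consumed first the nested handler finds nothing to read and the event is dispatched once. The model folds the patch's re-arming of the read (`vnc_read_when()` and the `fed=1` return) into the loop condition, since the nested call simply returns when `len < expect`.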