From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([2001:4830:134:3::10]:50130)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <jasowang@redhat.com>) id 1XrdFG-0004Cw-Fj
	for qemu-devel@nongnu.org; Thu, 20 Nov 2014 20:42:51 -0500
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <jasowang@redhat.com>) id 1XrdFB-0004q1-Ks
	for qemu-devel@nongnu.org; Thu, 20 Nov 2014 20:42:46 -0500
Received: from mx1.redhat.com ([209.132.183.28]:37575)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <jasowang@redhat.com>) id 1XrdFB-0004px-Bm
	for qemu-devel@nongnu.org; Thu, 20 Nov 2014 20:42:41 -0500
Message-ID: <546E988A.1070905@redhat.com>
Date: Fri, 21 Nov 2014 09:42:34 +0800
From: Jason Wang <jasowang@redhat.com>
MIME-Version: 1.0
References: <1416483303-12072-1-git-send-email-arei.gonglei@huawei.com>
	<1416483303-12072-5-git-send-email-arei.gonglei@huawei.com>
In-Reply-To: <1416483303-12072-5-git-send-email-arei.gonglei@huawei.com>
Content-Type: text/plain; charset=windows-1252
Content-Transfer-Encoding: 7bit
Subject: Re: [Qemu-devel] [PATCH v2 for-2.2 4/4] rtl8139: fix Pointer to
 local outside scope
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: arei.gonglei@huawei.com, qemu-devel@nongnu.org
Cc: pbonzini@redhat.com, peter.huangpeng@huawei.com, stefanha@redhat.com

On 11/20/2014 07:35 PM, arei.gonglei@huawei.com wrote:
> From: Gonglei <arei.gonglei@huawei.com>
>
> Coverity spot:
>  Assigning: iov = struct iovec [3]({{buf, 12UL},
>                        {(void *)dot1q_buf, 4UL},
>                        {buf + 12, size - 12}})
>  (address of temporary variable of type struct iovec [3]).
>  out_of_scope: Temporary variable of type struct iovec [3] goes out of scope.
>
> Pointer to local outside scope (RETURN_LOCAL)
> use_invalid:
>  Using iov, which points to an out-of-scope temporary variable of type struct iovec [3].
>
> Signed-off-by: Gonglei <arei.gonglei@huawei.com>
> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
> ---
>  hw/net/rtl8139.c | 4 ++++
>  1 file changed, 4 insertions(+)
>
> diff --git a/hw/net/rtl8139.c b/hw/net/rtl8139.c
> index 8b8a1b1..5f0197c 100644
> --- a/hw/net/rtl8139.c
> +++ b/hw/net/rtl8139.c
> @@ -1775,6 +1775,7 @@ static void rtl8139_transfer_frame(RTL8139State *s, uint8_t *buf, int size,
>      int do_interrupt, const uint8_t *dot1q_buf)
>  {
>      struct iovec *iov = NULL;
> +    struct iovec vlan_iov[3];
>  
>      if (!size)
>      {
> @@ -1789,6 +1790,9 @@ static void rtl8139_transfer_frame(RTL8139State *s, uint8_t *buf, int size,
>              { .iov_base = buf + ETHER_ADDR_LEN * 2,
>                  .iov_len = size - ETHER_ADDR_LEN * 2 },
>          };
> +
> +        memcpy(vlan_iov, iov, sizeof(vlan_iov));
> +        iov = vlan_iov;
>      }
>  
>      if (TxLoopBack == (s->TxConfig & TxLoopBack))

Reviewed-by: Jason Wang <jasowang@redhat.com>