* [Qemu-devel] [PATCH 0/2] net: socket backend uses uninitialized variables
From: Markus Armbruster @ 2011-10-31 16:11 UTC
To: qemu-devel; +Cc: aliguori
Compile-tested only, buyer beware.
Markus Armbruster (2):
net: socket backend passes junk size to getsockname(), fix
net: socket backend shows junk in "info network", fix
net/socket.c | 14 ++++++++++----
1 files changed, 10 insertions(+), 4 deletions(-)
--
1.7.6.4
* [Qemu-devel] [PATCH 1/2] net: socket backend passes junk size to getsockname(), fix
From: Markus Armbruster @ 2011-10-31 16:11 UTC
To: qemu-devel; +Cc: aliguori
net_socket_fd_init_dgram() passes an uninitialized address length to
getsockname(). I guess this happens to work as long as the junk value
is at least sizeof(sockaddr_in).
Spotted by Coverity.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
---
net/socket.c | 1 +
1 files changed, 1 insertions(+), 0 deletions(-)
diff --git a/net/socket.c b/net/socket.c
index e9ef128..eb3e0d6 100644
--- a/net/socket.c
+++ b/net/socket.c
@@ -260,6 +260,7 @@ static NetSocketState *net_socket_fd_init_dgram(VLANState *vlan,
*/
if (is_connected) {
+ saddr_len = sizeof(saddr);
if (getsockname(fd, (struct sockaddr *) &saddr, &saddr_len) == 0) {
/* must be bound */
if (saddr.sin_addr.s_addr==0) {
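Review bot: the line after the getsockname() call reads saddr.sin_addr.s_addr without checking what actually came back. With saddr_len now correctly set to sizeof(saddr), an fd of another address family is either truncated (saddr_len comes back larger than sizeof(saddr)) or misread as a sockaddr_in. Consider checking saddr.sin_family == AF_INET and saddr_len <= sizeof(saddr) before the "must be bound" test, so a socket of the wrong type is rejected rather than interpreted.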
--
1.7.6.4
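The value-result behaviour of the getsockname() length argument that patch 1/2 deals with, as an added example that is not part of the original thread or of QEMU. The names `struct probe`, `probe_sockname` and `sockname_is_valid` are hypothetical, and Linux truncation semantics are assumed.

```c
/* Added example, not QEMU code. Linux getsockname() semantics assumed. */
#include <netinet/in.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Result of one getsockname() probe (hypothetical type for this demo). */
struct probe {
    int rc;                  /* getsockname() return value */
    socklen_t len_out;       /* length the kernel reported back */
    struct sockaddr_in sa;   /* buffer contents after the call */
};

/* Call getsockname() on a fresh, unbound UDP socket with a chosen length. */
static struct probe probe_sockname(socklen_t len_in)
{
    struct probe p;
    int fd = socket(AF_INET, SOCK_DGRAM, 0);

    memset(&p.sa, 0xAA, sizeof(p.sa));   /* poison: stands in for stack junk */
    p.len_out = len_in;                  /* value-result: in = buffer size */
    p.rc = fd < 0 ? -1 : getsockname(fd, (struct sockaddr *)&p.sa, &p.len_out);
    if (fd >= 0) {
        close(fd);
    }
    return p;
}

/* Trust the buffer only if it was not truncated and really holds IPv4. */
static int sockname_is_valid(const struct probe *p, socklen_t len_in)
{
    return p->rc == 0 && p->len_out <= len_in &&
           p->len_out == sizeof(p->sa) && p->sa.sin_family == AF_INET;
}

int main(void)
{
    struct probe good = probe_sockname(sizeof(struct sockaddr_in));
    struct probe tiny = probe_sockname(sizeof(sa_family_t));

    /* Exit 0 when the full-size call is trusted and the short one rejected. */
    return !(sockname_is_valid(&good, sizeof(struct sockaddr_in)) &&
             !sockname_is_valid(&tiny, sizeof(sa_family_t)));
}
```

With a too-small length the call still returns 0, so the poison left in `sin_addr` would pass a `s_addr == 0` "unbound" test as if the socket were bound.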
* [Qemu-devel] [PATCH 2/2] net: socket backend shows junk in "info network", fix
From: Markus Armbruster @ 2011-10-31 16:11 UTC
To: qemu-devel; +Cc: aliguori
net_socket_fd_init_dgram() prints uninitialized saddr into
nc->info_str.
Spotted by Coverity.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
---
net/socket.c | 13 +++++++++----
1 files changed, 9 insertions(+), 4 deletions(-)
diff --git a/net/socket.c b/net/socket.c
index eb3e0d6..42bbae4 100644
--- a/net/socket.c
+++ b/net/socket.c
@@ -288,10 +288,15 @@ static NetSocketState *net_socket_fd_init_dgram(VLANState *vlan,
nc = qemu_new_net_client(&net_dgram_socket_info, vlan, NULL, model, name);
- snprintf(nc->info_str, sizeof(nc->info_str),
- "socket: fd=%d (%s mcast=%s:%d)",
- fd, is_connected ? "cloned" : "",
- inet_ntoa(saddr.sin_addr), ntohs(saddr.sin_port));
+ if (is_connected) {
+ snprintf(nc->info_str, sizeof(nc->info_str),
+ "socket: fd=%d (cloned mcast=%s:%d)",
+ fd, inet_ntoa(saddr.sin_addr), ntohs(saddr.sin_port));
+ } else {
+ snprintf(nc->info_str, sizeof(nc->info_str),
+ "socket: fd=%d",
+ fd);
+ }
s = DO_UPCAST(NetSocketState, nc, nc);
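Review bot: the else branch changes the "info network" string for unconnected sockets from "socket: fd=N ( mcast=ADDR:PORT)" to plain "socket: fd=N", but the commit message only mentions the junk; please state the format change there in case anything parses that output. In the is_connected branch, inet_ntoa(saddr.sin_addr) is still only meaningful if the earlier getsockname() filled saddr, so zero-initialising saddr where it is declared would keep this line safe if that path ever changes. Style nit: the last snprintf() fits on two lines.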
--
1.7.6.4
* Re: [Qemu-devel] [PATCH 0/2] net: socket backend uses uninitialized variables
From: Markus Armbruster @ 2011-11-11 9:36 UTC
To: qemu-devel; +Cc: aliguori
Ping?
Markus Armbruster <armbru@redhat.com> writes:
> Compile-tested only, buyer beware.
>
> Markus Armbruster (2):
> net: socket backend passes junk size to getsockname(), fix
> net: socket backend shows junk in "info network", fix
>
> net/socket.c | 14 ++++++++++----
> 1 files changed, 10 insertions(+), 4 deletions(-)
* Re: [Qemu-devel] [PATCH 0/2] net: socket backend uses uninitialized variables
From: Anthony Liguori @ 2011-11-11 13:39 UTC
To: Markus Armbruster; +Cc: qemu-devel
On 11/11/2011 03:36 AM, Markus Armbruster wrote:
> Ping?
I assumed "Compile-tested only, buyer beware." was code for, I'll test the
patches later and post to the ML ;-)
Regards,
Anthony Liguori
>
> Markus Armbruster<armbru@redhat.com> writes:
>
>> Compile-tested only, buyer beware.
>>
>> Markus Armbruster (2):
>> net: socket backend passes junk size to getsockname(), fix
>> net: socket backend shows junk in "info network", fix
>>
>> net/socket.c | 14 ++++++++++----
>> 1 files changed, 10 insertions(+), 4 deletions(-)
>
>
* Re: [Qemu-devel] [PATCH 0/2] net: socket backend uses uninitialized variables
From: Markus Armbruster @ 2011-11-16 7:40 UTC
To: Anthony Liguori; +Cc: qemu-devel
Anthony Liguori <aliguori@us.ibm.com> writes:
> On 11/11/2011 03:36 AM, Markus Armbruster wrote:
>> Ping?
>
> I assumed "Compile-tested only, buyer beware." was code for, I'll test
> the patches later and post to the ML ;-)
Actually, it was "I've never used this network backend, and can't be
bothered to try it now, but maybe someone who is using it would like to
pick up the patches" ;-P
By the time I understood Coverity's reports, the fixes were obvious, so
I posted them. I'm happy to shelve them until they get in the way of
Coverity scanning. Which I don't expect to happen before another >500
reports have been taken care of.