From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from eggs.gnu.org ([2001:4830:134:3::10]:44285) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1Xrm9I-00041s-5Y for qemu-devel@nongnu.org; Fri, 21 Nov 2014 06:13:16 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1Xrm9D-0005iH-B8 for qemu-devel@nongnu.org; Fri, 21 Nov 2014 06:13:12 -0500 Received: from mx1.redhat.com ([209.132.183.28]:35240) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1Xrm9D-0005i6-3i for qemu-devel@nongnu.org; Fri, 21 Nov 2014 06:13:07 -0500 From: Stefan Hajnoczi Date: Fri, 21 Nov 2014 11:12:39 +0000 Message-Id: <1416568359-6750-5-git-send-email-stefanha@redhat.com> In-Reply-To: <1416568359-6750-1-git-send-email-stefanha@redhat.com> References: <1416568359-6750-1-git-send-email-stefanha@redhat.com> Subject: [Qemu-devel] [PULL for-2.2 4/4] rtl8139: fix Pointer to local outside scope List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: qemu-devel@nongnu.org Cc: Peter Maydell , Gonglei , Stefan Hajnoczi , Paolo Bonzini From: Gonglei Coverity spot: Assigning: iov = struct iovec [3]({{buf, 12UL}, {(void *)dot1q_buf, 4UL}, {buf + 12, size - 12}}) (address of temporary variable of type struct iovec [3]). out_of_scope: Temporary variable of type struct iovec [3] goes out of scope. Pointer to local outside scope (RETURN_LOCAL) use_invalid: Using iov, which points to an out-of-scope temporary variable of type struct iovec [3]. Signed-off-by: Gonglei Signed-off-by: Paolo Bonzini Reviewed-by: Jason Wang Signed-off-by: Stefan Hajnoczi --- hw/net/rtl8139.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/hw/net/rtl8139.c b/hw/net/rtl8139.c index 8b8a1b1..5f0197c 100644 --- a/hw/net/rtl8139.c +++ b/hw/net/rtl8139.c @@ -1775,6 +1775,7 @@ static void rtl8139_transfer_frame(RTL8139State *s, uint8_t *buf, int size, int do_interrupt, const uint8_t *dot1q_buf) { struct iovec *iov = NULL; + struct iovec vlan_iov[3]; if (!size) { @@ -1789,6 +1790,9 @@ static void rtl8139_transfer_frame(RTL8139State *s, uint8_t *buf, int size, { .iov_base = buf + ETHER_ADDR_LEN * 2, .iov_len = size - ETHER_ADDR_LEN * 2 }, }; + + memcpy(vlan_iov, iov, sizeof(vlan_iov)); + iov = vlan_iov; } if (TxLoopBack == (s->TxConfig & TxLoopBack)) -- 2.1.0