From: "Daniel P. Berrange" <berrange@redhat.com>
To: Steve Grubb <sgrubb@redhat.com>
Cc: Kevin Wolf <kwolf@redhat.com>,
"qemu-devel@nongnu.org" <qemu-devel@nongnu.org>
Subject: Re: [Qemu-devel] Fwd: qemu code review
Date: Mon, 23 Nov 2009 10:44:11 +0000 [thread overview]
Message-ID: <20091123104411.GA22000@redhat.com> (raw)
In-Reply-To: <200911191311.56137.sgrubb@redhat.com>
On Thu, Nov 19, 2009 at 01:11:56PM -0500, Steve Grubb wrote:
> On Thursday 19 November 2009 04:09:48 am Kevin Wolf wrote:
> > >> ...
> > >> In hw/e1000.c at line 89, vlan is declared to be 4 bytes. At line 382 is
> > >> an attempt to do a memmove over it with a size of 12.
> > >
> > > Obviously this was intentional. Would replacing
> > > memmove(tp->vlan, tp->data, 12);
> > > by
> > > memmove(tp->data - 4, tp->data, 12);
> > > be better and satisfy the analysis tool?
>
> No. Its likely point out a negative index.
>
> > > Or even better (hopefully the compiler will combine both statements)
> > > memmove(tp->vlan, tp->data, 4);
> > > memmove(tp->data, tp->data + 4, 8);
>
> This would make it happier. But if a comment was made that its intentionally
> overrunning the vlan array, it would cause less concern.
Even if it was delibrate, it should be changed because when you build
with FORTIFY_SOURCE, glibc tries to add check for overruns in this type
of scenario and will abort the process. We're already being hit by aborts()
on these delibrate overruns in the vvfat block driver
https://bugzilla.redhat.com/show_bug.cgi?id=538047
Daniel
--
|: Red Hat, Engineering, London -o- http://people.redhat.com/berrange/ :|
|: http://libvirt.org -o- http://virt-manager.org -o- http://ovirt.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: GnuPG: 7D3B9505 -o- F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|
prev parent reply other threads:[~2009-11-23 10:44 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-11-18 11:39 [Qemu-devel] Fwd: qemu code review Kevin Wolf
2009-11-18 16:34 ` malc
2009-11-18 18:43 ` Blue Swirl
2009-11-18 19:06 ` Stefan Weil
2009-11-19 9:09 ` Kevin Wolf
2009-11-19 18:11 ` Steve Grubb
2009-11-19 18:44 ` [Qemu-devel] [PATCH] e1000: Fix warning from " Stefan Weil
2009-11-19 20:16 ` Ian Molton
2009-11-23 10:44 ` Daniel P. Berrange [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20091123104411.GA22000@redhat.com \
--to=berrange@redhat.com \
--cc=kwolf@redhat.com \
--cc=qemu-devel@nongnu.org \
--cc=sgrubb@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).