[Qemu-devel] [PULL 06/32] hw/arm/smmuv3: Fix Coverity issue in smmuv3_record_event

qemu-devel.nongnu.org archive mirror
 help / color / mirror / Atom feed

From: Peter Maydell <peter.maydell@linaro.org>
To: qemu-devel@nongnu.org
Subject: [Qemu-devel] [PULL 06/32] hw/arm/smmuv3: Fix Coverity issue in smmuv3_record_event
Date: Fri, 18 May 2018 18:19:43 +0100	[thread overview]
Message-ID: <20180518172009.14416-7-peter.maydell@linaro.org> (raw)
In-Reply-To: <20180518172009.14416-1-peter.maydell@linaro.org>

From: Eric Auger <eric.auger@redhat.com>

Coverity complains about use of uninitialized Evt struct.
The EVT_SET_TYPE and similar setters use deposit32() on fields
in the struct, so they read the uninitialized existing values.
In cases where we don't set all the fields in the event struct
we'll end up leaking random uninitialized data from QEMU's
stack into the guest.

Initializing the struct with "Evt evt = {};" ought to satisfy
Coverity and fix the data leak.

Signed-off-by: Eric Auger <eric.auger@redhat.com>
Reported-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-id: 1526493784-25328-2-git-send-email-eric.auger@redhat.com
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 hw/arm/smmuv3.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/arm/smmuv3.c b/hw/arm/smmuv3.c
index b3026dea20..42dc521c13 100644
--- a/hw/arm/smmuv3.c
+++ b/hw/arm/smmuv3.c
@@ -143,7 +143,7 @@ static MemTxResult smmuv3_write_eventq(SMMUv3State *s, Evt *evt)
 
 void smmuv3_record_event(SMMUv3State *s, SMMUEventInfo *info)
 {
-    Evt evt;
+    Evt evt = {};
     MemTxResult r;
 
     if (!smmuv3_eventq_enabled(s)) {
-- 
2.17.0

next prev parent reply	other threads:[~2018-05-18 17:20 UTC|newest]

Thread overview: 37+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2018-05-18 17:19 [Qemu-devel] [PULL 00/32] target-arm queue Peter Maydell
2018-05-18 17:19 ` [Qemu-devel] [PULL 01/32] target/arm: Add "ARM_CP_NO_GDB" as a new bit field for ARMCPRegInfo type Peter Maydell
2018-05-18 17:19 ` [Qemu-devel] [PULL 02/32] target/arm: Add "_S" suffix to the secure version of a sysreg Peter Maydell
2018-05-18 17:19 ` [Qemu-devel] [PULL 03/32] target/arm: Add the XML dynamic generation Peter Maydell
2018-05-18 17:19 ` [Qemu-devel] [PULL 04/32] xlnx-zdma: Add a model of the Xilinx ZynqMP generic DMA Peter Maydell
2018-05-25 13:51   ` Peter Maydell
2018-05-25 16:24     ` francisco iglesias
2018-05-25 13:57   ` Peter Maydell
2018-05-18 17:19 ` [Qemu-devel] [PULL 05/32] xlnx-zynqmp: Connect the ZynqMP GDMA and ADMA Peter Maydell
2018-05-18 17:19 ` Peter Maydell [this message]
2018-05-18 17:19 ` [Qemu-devel] [PULL 07/32] hw/arm/smmu-common: Fix coverity issue in get_block_pte_address Peter Maydell
2018-05-18 17:19 ` [Qemu-devel] [PULL 08/32] target/arm: Introduce translate-a64.h Peter Maydell
2018-05-18 17:19 ` [Qemu-devel] [PULL 09/32] target/arm: Add SVE decode skeleton Peter Maydell
2018-05-18 17:19 ` [Qemu-devel] [PULL 10/32] target/arm: Implement SVE Bitwise Logical - Unpredicated Group Peter Maydell
2018-05-18 17:19 ` [Qemu-devel] [PULL 11/32] target/arm: Implement SVE load vector/predicate Peter Maydell
2018-05-18 17:19 ` [Qemu-devel] [PULL 12/32] target/arm: Implement SVE predicate test Peter Maydell
2018-05-18 17:19 ` [Qemu-devel] [PULL 13/32] target/arm: Implement SVE Predicate Logical Operations Group Peter Maydell
2018-05-18 17:19 ` [Qemu-devel] [PULL 14/32] target/arm: Implement SVE Predicate Misc Group Peter Maydell
2018-05-18 17:19 ` [Qemu-devel] [PULL 15/32] target/arm: Implement SVE Integer Binary Arithmetic - Predicated Group Peter Maydell
2018-05-18 17:19 ` [Qemu-devel] [PULL 16/32] target/arm: Implement SVE Integer Reduction Group Peter Maydell
2018-05-18 17:19 ` [Qemu-devel] [PULL 17/32] target/arm: Implement SVE bitwise shift by immediate (predicated) Peter Maydell
2018-05-18 17:19 ` [Qemu-devel] [PULL 18/32] target/arm: Implement SVE bitwise shift by vector (predicated) Peter Maydell
2018-05-18 17:19 ` [Qemu-devel] [PULL 19/32] target/arm: Implement SVE bitwise shift by wide elements (predicated) Peter Maydell
2018-05-18 17:19 ` [Qemu-devel] [PULL 20/32] target/arm: Implement SVE Integer Arithmetic - Unary Predicated Group Peter Maydell
2018-05-18 17:19 ` [Qemu-devel] [PULL 21/32] target/arm: Implement SVE Integer Multiply-Add Group Peter Maydell
2018-05-18 17:19 ` [Qemu-devel] [PULL 22/32] target/arm: Implement SVE Integer Arithmetic - Unpredicated Group Peter Maydell
2018-05-18 17:20 ` [Qemu-devel] [PULL 23/32] target/arm: Implement SVE Index Generation Group Peter Maydell
2018-05-18 17:20 ` [Qemu-devel] [PULL 24/32] target/arm: Implement SVE Stack Allocation Group Peter Maydell
2018-05-18 17:20 ` [Qemu-devel] [PULL 25/32] target/arm: Implement SVE Bitwise Shift - Unpredicated Group Peter Maydell
2018-05-18 17:20 ` [Qemu-devel] [PULL 26/32] target/arm: Implement SVE Compute Vector Address Group Peter Maydell
2018-05-18 17:20 ` [Qemu-devel] [PULL 27/32] target/arm: Implement SVE floating-point exponential accelerator Peter Maydell
2018-05-18 17:20 ` [Qemu-devel] [PULL 28/32] target/arm: Implement SVE floating-point trig select coefficient Peter Maydell
2018-05-18 17:20 ` [Qemu-devel] [PULL 29/32] target/arm: Implement SVE Element Count Group Peter Maydell
2018-05-18 17:20 ` [Qemu-devel] [PULL 30/32] target/arm: Implement SVE Bitwise Immediate Group Peter Maydell
2018-05-18 17:20 ` [Qemu-devel] [PULL 31/32] target/arm: Implement SVE Integer Wide Immediate - Predicated Group Peter Maydell
2018-05-18 17:20 ` [Qemu-devel] [PULL 32/32] target/arm: Implement SVE Permute - Extract Group Peter Maydell
2018-05-18 18:48 ` [Qemu-devel] [PULL 00/32] target-arm queue Peter Maydell

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:b3026dea2 dfblob:42dc521c1 )
 OR (
bs:"[Qemu-devel] [PULL 06/32] hw/arm/smmuv3: Fix Coverity issue in smmuv3_record_event" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20180518172009.14416-7-peter.maydell@linaro.org \
    --to=peter.maydell@linaro.org \
    --cc=qemu-devel@nongnu.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).