From: Thomas Huth <thuth@redhat.com>
To: qemu-devel@nongnu.org, Richard Henderson <richard.henderson@linaro.org>
Cc: "Philippe Mathieu-Daudé" <philmd@linaro.org>
Subject: [PULL 12/19] hw/char/stm32l4x5_usart: Fix memory corruption by adding correct class_size
Date: Tue, 30 Apr 2024 09:13:33 +0200
Message-ID: <20240430071340.413305-13-thuth@redhat.com>
In-Reply-To: <20240430071340.413305-1-thuth@redhat.com>

"make check-qtest-aarch64" recently started failing on FreeBSD builds,
and valgrind on Linux also detected that there is something fishy with
the new stm32l4x5-usart: The code forgot to set the correct class_size
here, so the various class_init functions in this file wrote beyond
the allocated buffer when setting the subc->type field.

Fixes: 4fb37aea7e ("hw/char: Implement STM32L4x5 USART skeleton")
Message-ID: <20240429075908.36302-1-thuth@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Thomas Huth <thuth@redhat.com>
---
hw/char/stm32l4x5_usart.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/hw/char/stm32l4x5_usart.c b/hw/char/stm32l4x5_usart.c
index 2627aab832..02f666308c 100644
--- a/hw/char/stm32l4x5_usart.c
+++ b/hw/char/stm32l4x5_usart.c
@@ -617,6 +617,7 @@ static const TypeInfo stm32l4x5_usart_types[] = {
.parent = TYPE_SYS_BUS_DEVICE,
.instance_size = sizeof(Stm32l4x5UsartBaseState),
.instance_init = stm32l4x5_usart_base_init,
+ .class_size = sizeof(Stm32l4x5UsartBaseClass),
.class_init = stm32l4x5_usart_base_class_init,
.abstract = true,
}, {
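Review bot: the new .class_size line sits only on the abstract base entry (the one with .abstract = true), so the entries that follow in stm32l4x5_usart_types[] depend on it for the size of their class allocation. Those entries are outside this hunk; please confirm none of them sets a .class_size of its own smaller than sizeof(Stm32l4x5UsartBaseClass). Since the commit message says the overflow only surfaced on FreeBSD and under valgrind, a cheap guard would help here, for example an assertion in the class_init functions that the class being initialised is at least sizeof(Stm32l4x5UsartBaseClass) before subc->type is written, so a missing class_size fails on every host rather than corrupting the heap silently.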
--
2.44.0
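The failure mode from the commit message, modelled as a small registry check; this is an added example, not code from QEMU or from this patch. It assumes the QOM rule that a type with no class_size of its own gets its parent's size, and the type names, struct layouts and helper functions below are hypothetical stand-ins.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Simplified stand-ins for this example, not QEMU's real definitions. */
typedef struct { void *slots[8]; } ParentClass;  /* models SysBusDeviceClass */
typedef struct { ParentClass parent_class; int type; } BaseClass; /* models Stm32l4x5UsartBaseClass */

typedef struct {
    const char *name, *parent;  /* parent is NULL for the root type */
    size_t class_size;          /* 0 = not set, inherit the parent's size */
    size_t written;             /* bytes this type's class_init touches */
} TypeModel;

#define N_TYPES 4
/* The two concrete types write the trailing 'type' field of BaseClass. */
#define TABLE(base_size) { \
    { "sys-bus-device", NULL, sizeof(ParentClass), sizeof(ParentClass) }, \
    { "usart-base", "sys-bus-device", (base_size), sizeof(ParentClass) }, \
    { "usart-a", "usart-base", 0, sizeof(BaseClass) }, \
    { "usart-b", "usart-base", 0, sizeof(BaseClass) }, \
}
static const TypeModel before[N_TYPES] = TABLE(0);                 /* class_size forgotten */
static const TypeModel after[N_TYPES] = TABLE(sizeof(BaseClass));  /* with the one-line fix */

/* Size of the class allocation: own class_size, else the nearest ancestor's. */
static size_t alloc_size(const TypeModel *tab, const TypeModel *t)
{
    while (t && t->class_size == 0) {
        const TypeModel *p = NULL;
        for (size_t i = 0; t->parent && i < N_TYPES; i++)
            if (strcmp(tab[i].name, t->parent) == 0)
                p = &tab[i];
        t = p;
    }
    return t ? t->class_size : 0;
}

/* Number of types whose class_init would write past the class allocation. */
static int count_overflows(const TypeModel *tab)
{
    int bad = 0;
    for (size_t i = 0; i < N_TYPES; i++)
        if (tab[i].written > alloc_size(tab, &tab[i]))
            bad++;
    return bad;
}

int overflows_before(void) { return count_overflows(before); }
int overflows_after(void)  { return count_overflows(after); }

int main(void)
{
    printf("before: %d overflowing class_init, after: %d\n",
           overflows_before(), overflows_after());
    return 0;
}
```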