From: Eric Blake
Date: Wed, 27 Apr 2016 08:42:19 -0600
To: Markus Armbruster, qemu-devel@nongnu.org
Subject: Re: [Qemu-devel] [PATCH for-2.6 1/3] QemuOpts: Fix qemu_opts_foreach() dangling location regression
Message-ID: <5720CFCB.5030303@redhat.com>
In-Reply-To: <1461767349-15329-2-git-send-email-armbru@redhat.com>

On 04/27/2016 08:29 AM, Markus Armbruster wrote:
> qemu_opts_foreach() pushes and pops a Location with automatic storage
> duration. Except it fails to pop when @func() returns non-zero.
> cur_loc then points to unused stack space, and will most likely get
> clobbered in short order.
>
> Clobbered cur_loc can make loc_pop() and error_print_loc() crash or
> report bogus locations.
>
> Affects several qemu command line options as well as qemu-img,
> qemu-io, qemu-nbd -object, and blkdebug's configuration file.
>
> Broken in commit a4c7367, v2.4.0.

Latent bug means it's not a regression between 2.5 and 2.6, but I agree
that if there is time to get this in 2.6, it is worth having. It's a
shame that valgrind doesn't catch use of stale stack space.

> cur_loc then points to where qemu_opts_foreach()'s Location used to
> be, i.e. unused stack space. With optimization, this Location doesn't
> get clobbered for me, and also happens to be the correct location.
> Without optimization, it does get clobbered in a way that makes
> error_report_err() report no location.

And that explains why some people were having problems reproducing.

>
> Signed-off-by: Markus Armbruster
> ---
> util/qemu-option.c | 6 +++---
> 1 file changed, 3 insertions(+), 3 deletions(-)

Reviewed-by: Eric Blake

-- 
Eric Blake eblake redhat com +1-919-301-3266
Libvirt virtualization library http://libvirt.org
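The push-without-pop pattern the commit message describes, reduced to a stand-alone C illustration (added here, not QEMU's code; Location, loc_push, loc_pop, cur_loc, the two foreach variants and the callback are simplified stand-ins with assumed shapes). The buggy variant returns early past loc_pop() and leaves cur_loc pointing at a dead stack frame; the fixed variant breaks out of the loop so the pop runs on every path; loc_balanced() checks whether cur_loc was restored without ever dereferencing the stale pointer.

```c
#include <assert.h>
#include <stddef.h>
/* Simplified stand-ins for QEMU's Location stack (assumed shape, not QEMU's code). */
typedef struct Location { struct Location *prev; } Location;
static Location std_loc = { NULL };
static Location * volatile cur_loc = &std_loc;   /* plays the role of QEMU's cur_loc */
static void loc_push(Location *loc) {
    loc->prev = cur_loc;
    cur_loc = loc;
}
static void loc_pop(Location *loc) {
    assert(cur_loc == loc);            /* every pop must match its push */
    cur_loc = loc->prev;
}
/* Buggy: a non-zero callback result returns past loc_pop(), so cur_loc keeps
 * pointing at 'loc', whose stack frame is dead as soon as we return. */
static int foreach_buggy(int (*func)(int), int n) {
    Location loc;
    loc_push(&loc);
    for (int i = 0; i < n; i++) {
        int rc = func(i);
        if (rc) return rc;             /* BUG: loc is never popped */
    }
    loc_pop(&loc);
    return 0;
}
/* Fixed: keep the result, break out, and pop on every path. */
static int foreach_fixed(int (*func)(int), int n) {
    Location loc;
    int rc = 0;
    loc_push(&loc);
    for (int i = 0; i < n; i++) {
        rc = func(i);
        if (rc) break;
    }
    loc_pop(&loc);
    return rc;
}
/* 1 if cur_loc is restored after the call, 0 if it dangles. Only the pointer
 * value is compared; the dead frame is never dereferenced. */
static int loc_balanced(int (*foreach)(int (*)(int), int), int (*func)(int)) {
    Location *before = cur_loc;
    foreach(func, 3);
    int ok = (cur_loc == before);
    cur_loc = before;                  /* reset so later checks start clean */
    return ok;
}
/* Constructed callback: fails on the second element, like a failing @func. */
static int fail_on_second(int i) { return i == 1 ? -1 : 0; }
```

A sanitizer build (-fsanitize=address with use-after-return detection) is one way to make the buggy variant visible in practice, since, as the review notes, valgrind alone does not flag stale stack space.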