From: Peter Maydell <peter.maydell@linaro.org>
To: "Alex Bennée" <alex.bennee@linaro.org>
Cc: Riku Voipio <riku.voipio@iki.fi>,
Richard Henderson <richard.henderson@linaro.org>,
QEMU Developers <qemu-devel@nongnu.org>,
"open list:ARM" <qemu-arm@nongnu.org>,
Laurent Vivier <laurent@vivier.eu>
Subject: Re: [Qemu-devel] [PULL 06/28] target/arm: use the common interface for WRITE0/WRITEC in arm-semi
Date: Thu, 30 May 2019 12:34:32 +0100 [thread overview]
Message-ID: <CAFEAcA8Azc9g7MfWE1_WbRQCMejHXpE62bYojRw+B9maAX=+hQ@mail.gmail.com> (raw)
In-Reply-To: <20190528094953.14898-7-alex.bennee@linaro.org>
On Tue, 28 May 2019 at 10:49, Alex Bennée <alex.bennee@linaro.org> wrote:
>
> Now we have a common semihosting console interface use that for our
> string output. However ARM is currently unique in also supporting
> semihosting for linux-user so we need to replicate the API in
> linux-user. If other architectures gain this support we can move the
> file later.
>
> Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Hi; Coverity points out an issue in this function (CID 1401700):
> +int qemu_semihosting_console_out(CPUArchState *env, target_ulong addr, int len)
> +{
> + void *s = lock_user_string(addr);
> + len = write(STDERR_FILENO, s, len ? len : strlen(s));
> + unlock_user(s, addr, 0);
> + return len;
> +}
We call lock_user_string(), which can fail and return NULL
if the memory pointed to by addr isn't actually readable.
But we don't check for the error, so we can pass a NULL
pointer to write().
Also it looks a bit dodgy that we are passed in a
specific length value but we then go and look at the length
of the string, but we trust the specific length value over
the length of the string. If len is larger than the real
length of the string (including terminating NUL) then the
write() will read off the end of the string.
thanks
-- PMM
next prev parent reply other threads:[~2019-05-30 11:35 UTC|newest]
Thread overview: 37+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-05-28 9:49 [Qemu-devel] [PULL 00/28] testing/next (system tests, docker, iotests) Alex Bennée
2019-05-28 9:49 ` [Qemu-devel] [PULL 01/28] semihosting: move semihosting configuration into its own directory Alex Bennée
2019-05-28 9:49 ` [Qemu-devel] [PULL 02/28] semihosting: introduce CONFIG_SEMIHOSTING Alex Bennée
2019-05-28 9:49 ` [Qemu-devel] [PULL 03/28] semihosting: implement a semihosting console Alex Bennée
2019-05-28 9:49 ` [Qemu-devel] [PULL 04/28] semihosting: enable chardev backed output for console Alex Bennée
2019-05-28 9:49 ` [Qemu-devel] [PULL 05/28] target/arm: fixup some of the commentary for arm-semi Alex Bennée
2019-05-28 9:49 ` [Qemu-devel] [PULL 06/28] target/arm: use the common interface for WRITE0/WRITEC in arm-semi Alex Bennée
2019-05-30 11:34 ` Peter Maydell [this message]
2019-05-30 12:35 ` Alex Bennée
2019-05-30 12:36 ` Peter Maydell
2019-05-28 9:49 ` [Qemu-devel] [PULL 07/28] target/arm: add LOG_UNIMP messages to arm-semi Alex Bennée
2019-05-28 9:49 ` [Qemu-devel] [PULL 08/28] target/arm: correct return values for WRITE/READ in arm-semi Alex Bennée
2019-05-28 9:49 ` [Qemu-devel] [PULL 09/28] target/mips: only build mips-semi for softmmu Alex Bennée
2019-05-28 9:49 ` [Qemu-devel] [PULL 10/28] target/mips: convert UHI_plog to use common semihosting code Alex Bennée
2019-05-28 9:49 ` [Qemu-devel] [PULL 11/28] MAINTAINERS: update for semihostings new home Alex Bennée
2019-05-28 9:49 ` [Qemu-devel] [PULL 12/28] tests/docker: add ubuntu 18.04 Alex Bennée
2019-05-28 9:49 ` [Qemu-devel] [PULL 13/28] tests/docker: Test more components on the Fedora default image Alex Bennée
2019-05-28 9:49 ` [Qemu-devel] [PULL 14/28] tests/tcg/multiarch: add support for multiarch system tests Alex Bennée
2019-05-28 9:49 ` [Qemu-devel] [PULL 15/28] tests/tcg/multiarch: add hello world system test Alex Bennée
2019-05-28 9:49 ` [Qemu-devel] [PULL 16/28] editorconfig: add settings for .s/.S files Alex Bennée
2019-05-28 9:49 ` [Qemu-devel] [PULL 17/28] tests/tcg/aarch64: add system boot.S Alex Bennée
2019-05-28 9:49 ` [Qemu-devel] [PULL 18/28] tests/tcg/multiarch: move the system memory test Alex Bennée
2019-05-28 9:49 ` [Qemu-devel] [PULL 19/28] tests/tcg/minilib: support %c format char Alex Bennée
2019-05-28 9:49 ` [Qemu-devel] [PULL 20/28] tests/tcg/multiarch: expand system memory test to cover more Alex Bennée
2019-05-28 9:49 ` [Qemu-devel] [PULL 21/28] tests/tcg/alpha: add system boot.S Alex Bennée
2019-05-28 9:49 ` [Qemu-devel] [PULL 22/28] .travis.yml: enable aarch64-softmmu and alpha-softmmu tcg tests Alex Bennée
2019-05-28 9:49 ` [Qemu-devel] [PULL 23/28] Makefile: fix coverage-report reference to BUILD_DIR Alex Bennée
2019-05-28 9:49 ` [Qemu-devel] [PULL 24/28] Makefile: include per-target build directories in coverage report Alex Bennée
2019-05-28 9:49 ` [Qemu-devel] [PULL 25/28] Makefile.target: support per-target coverage reports Alex Bennée
2019-05-28 9:49 ` [Qemu-devel] [PULL 26/28] tests/qemu-iotests/group: Re-use the "auto" group for tests that can always run Alex Bennée
2019-05-28 9:49 ` [Qemu-devel] [PULL 27/28] tests/qemu-iotests: re-format output to for make check-block Alex Bennée
2019-05-28 9:49 ` [Qemu-devel] [PULL 28/28] tests: Run the iotests during "make check" again Alex Bennée
2019-05-28 13:24 ` [Qemu-devel] [PULL 00/28] testing/next (system tests, docker, iotests) Peter Maydell
2019-05-28 13:47 ` Alex Bennée
2019-05-28 14:02 ` Peter Maydell
2019-05-28 15:09 ` Alex Bennée
2019-05-30 15:14 ` Paolo Bonzini
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CAFEAcA8Azc9g7MfWE1_WbRQCMejHXpE62bYojRw+B9maAX=+hQ@mail.gmail.com' \
--to=peter.maydell@linaro.org \
--cc=alex.bennee@linaro.org \
--cc=laurent@vivier.eu \
--cc=qemu-arm@nongnu.org \
--cc=qemu-devel@nongnu.org \
--cc=richard.henderson@linaro.org \
--cc=riku.voipio@iki.fi \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).