Re: [linux-agent v1 1/5] virtio-port: initialize struct before memcpy

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hi,

On Tue, Dec 18, 2018 at 12:06:01PM -0500, Frediano Ziglio wrote:
> 
> > 
> > From: Victor Toso <me@xxxxxxxxxxxxxx>
> > 
> > Found by coverity:
> > 
> >  | uninit_use_in_call: Using uninitialized value "message_header". Field
> >  | "message_header.data" is uninitialized when calling "memcpy".
> > 
> > Signed-off-by: Victor Toso <victortoso@xxxxxxxxxx>
> 
> This structure is defined as:
> 
> typedef struct SPICE_ATTR_PACKED VDAgentMessage {
>     uint32_t protocol;
>     uint32_t type;
>     uint64_t opaque;
>     uint32_t size;
>     uint8_t data[0];
> } VDAgentMessage;
> 
> so data field is 0 bytes (note also the packet attribute so there's no
> padding at the end of the structure).
> 
> It's just a false positive on Coverity.

Right, I saw some usage of this in spice-gtk and I thought it was
also to shut coverity.
 
> > ---
> >  src/vdagentd/virtio-port.c | 2 +-
> >  1 file changed, 1 insertion(+), 1 deletion(-)
> > 
> > diff --git a/src/vdagentd/virtio-port.c b/src/vdagentd/virtio-port.c
> > index e48d107..7b148d5 100644
> > --- a/src/vdagentd/virtio-port.c
> > +++ b/src/vdagentd/virtio-port.c
> > @@ -198,7 +198,7 @@ void vdagent_virtio_port_write_start(
> >  {
> >      struct vdagent_virtio_port_buf *wbuf, *new_wbuf;
> >      VDIChunkHeader chunk_header;
> > -    VDAgentMessage message_header;
> > +    VDAgentMessage message_header = { 0, };
> >  
> >      new_wbuf = g_new(struct vdagent_virtio_port_buf, 1);
> >      new_wbuf->pos = 0;
> 
> Why not replacing
> 
>     message_header.protocol = GUINT32_TO_LE(VD_AGENT_PROTOCOL);
>     message_header.type = GUINT32_TO_LE(message_type);
>     message_header.opaque = GUINT64_TO_LE(message_opaque);
>     message_header.size = GUINT32_TO_LE(data_size);
>     memcpy(new_wbuf->buf + new_wbuf->write_pos, &message_header,
>            sizeof(message_header));
> 
> with
> 
>     VDAgentMessage *message_header = (VDAgentMessage *) (new_wbuf->buf + new_wbuf->write_pos);
>     message_header->protocol = GUINT32_TO_LE(VD_AGENT_PROTOCOL);
>     message_header->type = GUINT32_TO_LE(message_type);
>     message_header->opaque = GUINT64_TO_LE(message_opaque);
>     message_header->size = GUINT32_TO_LE(data_size);
> 
> (need to change other message_header usages too, chunk_header could be changed in a similar way) ?

If you think it is better, feel free to send the patch.

> 
> Frediano

Thanks again,
Victor

Attachment: signature.asc
Description: PGP signature

_______________________________________________
Spice-devel mailing list
Spice-devel@xxxxxxxxxxxxxxxxxxxxx
https://lists.freedesktop.org/mailman/listinfo/spice-devel
[Index of Archives]     [Linux Virtualization]     [Linux Virtualization]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]     [Monitors]