Acked-by: Jonathon Jongsma <jjongsma@xxxxxxxxxx>
On Thu, 2019-01-03 at 10:02 +0000, Frediano Ziglio wrote:
> Modify directly the new_wbuf->buf buffer instead of writing into
> a temporary buffer and then copy in the final one.
> This also fixes Coverity warning:
>
> | uninit_use_in_call: Using uninitialized value "message_header".
> Field
> | "message_header.data" is uninitialized when calling "memcpy".
>
> Signed-off-by: Frediano Ziglio <fziglio@xxxxxxxxxx>
> ---
> src/vdagentd/virtio-port.c | 30 ++++++++++++++----------------
> 1 file changed, 14 insertions(+), 16 deletions(-)
>
> diff --git a/src/vdagentd/virtio-port.c b/src/vdagentd/virtio-port.c
> index e48d107..c037603 100644
> --- a/src/vdagentd/virtio-port.c
> +++ b/src/vdagentd/virtio-port.c
> @@ -197,29 +197,27 @@ void vdagent_virtio_port_write_start(
> uint32_t data_size)
> {
> struct vdagent_virtio_port_buf *wbuf, *new_wbuf;
> - VDIChunkHeader chunk_header;
> - VDAgentMessage message_header;
> + VDIChunkHeader *chunk_header;
> + VDAgentMessage *message_header;
>
> new_wbuf = g_new(struct vdagent_virtio_port_buf, 1);
> new_wbuf->pos = 0;
> new_wbuf->write_pos = 0;
> - new_wbuf->size = sizeof(chunk_header) + sizeof(message_header) +
> data_size;
> + new_wbuf->size = sizeof(*chunk_header) + sizeof(*message_header)
> + data_size;
> new_wbuf->next = NULL;
> new_wbuf->buf = g_malloc(new_wbuf->size);
>
> - chunk_header.port = GUINT32_TO_LE(port_nr);
> - chunk_header.size = GUINT32_TO_LE(sizeof(message_header) +
> data_size);
> - memcpy(new_wbuf->buf + new_wbuf->write_pos, &chunk_header,
> - sizeof(chunk_header));
> - new_wbuf->write_pos += sizeof(chunk_header);
> -
> - message_header.protocol = GUINT32_TO_LE(VD_AGENT_PROTOCOL);
> - message_header.type = GUINT32_TO_LE(message_type);
> - message_header.opaque = GUINT64_TO_LE(message_opaque);
> - message_header.size = GUINT32_TO_LE(data_size);
> - memcpy(new_wbuf->buf + new_wbuf->write_pos, &message_header,
> - sizeof(message_header));
> - new_wbuf->write_pos += sizeof(message_header);
> + chunk_header = (VDIChunkHeader *) (new_wbuf->buf + new_wbuf-
> >write_pos);
> + chunk_header->port = GUINT32_TO_LE(port_nr);
> + chunk_header->size = GUINT32_TO_LE(sizeof(*message_header) +
> data_size);
> + new_wbuf->write_pos += sizeof(*chunk_header);
> +
> + message_header = (VDAgentMessage *) (new_wbuf->buf + new_wbuf-
> >write_pos);
> + message_header->protocol = GUINT32_TO_LE(VD_AGENT_PROTOCOL);
> + message_header->type = GUINT32_TO_LE(message_type);
> + message_header->opaque = GUINT64_TO_LE(message_opaque);
> + message_header->size = GUINT32_TO_LE(data_size);
> + new_wbuf->write_pos += sizeof(*message_header);
>
> if (!vport->write_buf) {
> vport->write_buf = new_wbuf;
_______________________________________________
Spice-devel mailing list
Spice-devel@xxxxxxxxxxxxxxxxxxxxx
https://lists.freedesktop.org/mailman/listinfo/spice-devel