[libvirt] [PATCH] qemu: avoid leaking uninit data from hotplug to dumpxml

Detected by Coverity. The fix in 2c27dfa didn't catch all bad instances of memcpy(). Thankfully, on further analysis, all of the problematic uses are only triggered by old qemu that lacks -device. * src/qemu/qemu_hotplug.c (qemuDomainAttachPciDiskDevice) (qemuDomainAttachNetDevice, qemuDomainAttachHostPciDevice): Init all fields since monitor only populates some of them. --- src/qemu/qemu_hotplug.c | 5 +++-- 1 files changed, 3 insertions(+), 2 deletions(-) diff --git a/src/qemu/qemu_hotplug.c b/src/qemu/qemu_hotplug.c index 037f4aa..06b21c3 100644 --- a/src/qemu/qemu_hotplug.c +++ b/src/qemu/qemu_hotplug.c @@ -246,7 +246,7 @@ int qemuDomainAttachPciDiskDevice(struct qemud_driver *driver, } } } else { - virDomainDevicePCIAddress guestAddr; + virDomainDevicePCIAddress guestAddr = disk->info.addr.pci; ret = qemuMonitorAddPCIDisk(priv->mon, disk->src, type, @@ -775,6 +775,7 @@ int qemuDomainAttachNetDevice(virConnectPtr conn, goto try_remove; } } else { + guestAddr = net->info.addr.pci; if (qemuMonitorAddPCINetwork(priv->mon, nicstr, &guestAddr) < 0) { qemuDomainObjExitMonitorWithDriver(driver, vm); @@ -929,7 +930,7 @@ int qemuDomainAttachHostPciDevice(struct qemud_driver *driver, configfd, configfd_name); qemuDomainObjExitMonitorWithDriver(driver, vm); } else { - virDomainDevicePCIAddress guestAddr; + virDomainDevicePCIAddress guestAddr = hostdev->info.addr.pci; qemuDomainObjEnterMonitorWithDriver(driver, vm); ret = qemuMonitorAddPCIHostDevice(priv->mon, -- 1.7.4.4
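Review bot: in the qemuDomainAttachPciDiskDevice hunk, `virDomainDevicePCIAddress guestAddr = disk->info.addr.pci;` initializes guestAddr by copying the parsed config address rather than zeroing it, so the fields that qemuMonitorAddPCIDisk does not populate inherit whatever the parser stored; a one-line comment at the declaration saying that the monitor fills only some fields and the rest must carry over from disk->info would stop a later cleanup from reverting it to a bare declaration. It would also help to state in the commit message why disk->info.addr.pci is guaranteed to be fully initialized on this path, since if it is not, the copy relocates the uninitialized read rather than removing it.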
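Review bot: in the qemuDomainAttachNetDevice hunk the fix is the assignment `guestAddr = net->info.addr.pci;` inside the else branch, not an initializer at the declaration as in the other two hunks, which implies guestAddr is declared at function scope and is also in scope for the -device branch above; the commit message says the problematic uses are only reached with qemu lacking -device, so please either say explicitly that the -device path never reads guestAddr, or move the initialization up to the declaration so both paths are covered regardless of which branch runs.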
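Review bot: in the qemuDomainAttachHostPciDevice hunk the initializer `= hostdev->info.addr.pci` mirrors the disk hunk, and the declaration now sits just before qemuDomainObjEnterMonitorWithDriver(driver, vm), so the copy is done outside the monitor section, which is fine; a short comment that qemuMonitorAddPCIHostDevice fills only part of guestAddr and the remainder must come from hostdev->info would make the intent visible at this site too. Given the subject line, the commit message could also spell out the impact being fixed: an uninitialized stack struct copied into the live domain definition exposes stack bytes to any client allowed to read the domain XML, which is what makes these three sites more than a Coverity nit.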

On 10/26/2011 07:42 PM, Eric Blake wrote:
Detected by Coverity. The fix in 2c27dfa didn't catch all bad instances of memcpy(). Thankfully, on further analysis, all of the problematic uses are only triggered by old qemu that lacks -device.
* src/qemu/qemu_hotplug.c (qemuDomainAttachPciDiskDevice) (qemuDomainAttachNetDevice, qemuDomainAttachHostPciDevice): Init all fields since monitor only populates some of them. --- src/qemu/qemu_hotplug.c | 5 +++-- 1 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/src/qemu/qemu_hotplug.c b/src/qemu/qemu_hotplug.c index 037f4aa..06b21c3 100644 --- a/src/qemu/qemu_hotplug.c +++ b/src/qemu/qemu_hotplug.c @@ -246,7 +246,7 @@ int qemuDomainAttachPciDiskDevice(struct qemud_driver *driver, } } } else { - virDomainDevicePCIAddress guestAddr; + virDomainDevicePCIAddress guestAddr = disk->info.addr.pci; ret = qemuMonitorAddPCIDisk(priv->mon, disk->src, type, @@ -775,6 +775,7 @@ int qemuDomainAttachNetDevice(virConnectPtr conn, goto try_remove; } } else { + guestAddr = net->info.addr.pci; if (qemuMonitorAddPCINetwork(priv->mon, nicstr, &guestAddr)< 0) { qemuDomainObjExitMonitorWithDriver(driver, vm); @@ -929,7 +930,7 @@ int qemuDomainAttachHostPciDevice(struct qemud_driver *driver, configfd, configfd_name); qemuDomainObjExitMonitorWithDriver(driver, vm); } else { - virDomainDevicePCIAddress guestAddr; + virDomainDevicePCIAddress guestAddr = hostdev->info.addr.pci;
qemuDomainObjEnterMonitorWithDriver(driver, vm); ret = qemuMonitorAddPCIHostDevice(priv->mon,
ACK.

On 10/28/2011 08:59 AM, Laine Stump wrote:
On 10/26/2011 07:42 PM, Eric Blake wrote:
Detected by Coverity. The fix in 2c27dfa didn't catch all bad instances of memcpy(). Thankfully, on further analysis, all of the problematic uses are only triggered by old qemu that lacks -device.
* src/qemu/qemu_hotplug.c (qemuDomainAttachPciDiskDevice) (qemuDomainAttachNetDevice, qemuDomainAttachHostPciDevice): Init all fields since monitor only populates some of them.
ACK.
Thanks; pushed.
-- 
Eric Blake eblake@redhat.com +1-801-349-2682
Libvirt virtualization library http://libvirt.org