[Spice-devel] [linux-agent v1 1/5] virtio-port: initialize struct before memcpy

Frediano Ziglio fziglio at redhat.com
Tue Dec 18 17:06:01 UTC 2018


> 
> From: Victor Toso <me at victortoso.com>
> 
> Found by coverity:
> 
>  | uninit_use_in_call: Using uninitialized value "message_header". Field
>  | "message_header.data" is uninitialized when calling "memcpy".
> 
> Signed-off-by: Victor Toso <victortoso at redhat.com>

This structure is defined as:

typedef struct SPICE_ATTR_PACKED VDAgentMessage {
    uint32_t protocol;
    uint32_t type;
    uint64_t opaque;
    uint32_t size;
    uint8_t data[0];
} VDAgentMessage;

so the data field is 0 bytes (note also the packed attribute, so there's no
padding at the end of the structure).

It's just a false positive on Coverity.

> ---
>  src/vdagentd/virtio-port.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/src/vdagentd/virtio-port.c b/src/vdagentd/virtio-port.c
> index e48d107..7b148d5 100644
> --- a/src/vdagentd/virtio-port.c
> +++ b/src/vdagentd/virtio-port.c
> @@ -198,7 +198,7 @@ void vdagent_virtio_port_write_start(
>  {
>      struct vdagent_virtio_port_buf *wbuf, *new_wbuf;
>      VDIChunkHeader chunk_header;
> -    VDAgentMessage message_header;
> +    VDAgentMessage message_header = { 0, };
>  
>      new_wbuf = g_new(struct vdagent_virtio_port_buf, 1);
>      new_wbuf->pos = 0;
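Review bot: the `= { 0, }` initializer on `message_header` is harmless but redundant, and the commit message should say it only quiets the scanner rather than imply an uninitialized read was fixed: all four named fields (`protocol`, `type`, `opaque`, `size`) are assigned before the `memcpy`, `data` is a zero-length array that contributes no bytes, and the struct is packed so there is no tail padding, which is why Coverity's `uninit_use_in_call` report on `message_header.data` is a false positive. If the initializer is kept, the conventional spelling is `= { 0 }` without the trailing comma.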

Why not replace

    message_header.protocol = GUINT32_TO_LE(VD_AGENT_PROTOCOL);
    message_header.type = GUINT32_TO_LE(message_type);
    message_header.opaque = GUINT64_TO_LE(message_opaque);
    message_header.size = GUINT32_TO_LE(data_size);
    memcpy(new_wbuf->buf + new_wbuf->write_pos, &message_header,
           sizeof(message_header));

with

    VDAgentMessage *message_header = (VDAgentMessage *) (new_wbuf->buf + new_wbuf->write_pos);
    message_header->protocol = GUINT32_TO_LE(VD_AGENT_PROTOCOL);
    message_header->type = GUINT32_TO_LE(message_type);
    message_header->opaque = GUINT64_TO_LE(message_opaque);
    message_header->size = GUINT32_TO_LE(data_size);

(need to change other message_header usages too, chunk_header could be changed in a similar way) ?

Frediano

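Added example (my own, not vdagent code) illustrating the point made above: with the packed attribute the four field assignments cover every byte of the header, so the memcpy copies nothing uninitialized, while a hypothetical unpacked copy of the same struct shows the tail padding that would carry leftover stack bytes into the output buffer on ABIs that align uint64_t to 8. The 0xAA fill is a constructed stand-in for whatever happened to be on the stack.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Same layout as VDAgentMessage in the thread (GNU zero-length array). */
typedef struct __attribute__((packed)) PackedMsg {
    uint32_t protocol;
    uint32_t type;
    uint64_t opaque;
    uint32_t size;
    uint8_t data[0];
} PackedMsg;

/* Hypothetical variant without the packed attribute, for comparison only. */
typedef struct UnpackedMsg {
    uint32_t protocol;
    uint32_t type;
    uint64_t opaque;
    uint32_t size;
    uint8_t data[0];
} UnpackedMsg;

/* Bytes after the last named field that no field assignment ever writes. */
size_t packed_tail_padding(void) {
    return sizeof(PackedMsg) - (offsetof(PackedMsg, size) + sizeof(uint32_t));
}
size_t unpacked_tail_padding(void) {
    return sizeof(UnpackedMsg) - (offsetof(UnpackedMsg, size) + sizeof(uint32_t));
}
static void fill_packed(void *p) {
    PackedMsg *h = p; h->protocol = 1; h->type = 2; h->opaque = 3; h->size = 4;
}
static void fill_unpacked(void *p) {
    UnpackedMsg *h = p; h->protocol = 1; h->type = 2; h->opaque = 3; h->size = 4;
}
/* Model of vdagent_virtio_port_write_start(): the header lives in stack memory
 * holding leftover bytes (modelled deterministically as 0xAA), the fields are
 * assigned, then the struct is memcpy'd out. Returns how many leftover bytes
 * reached the buffer; field values 1..4 never contain an 0xAA byte. */
static size_t leaked_bytes(void *hdr, size_t len, void (*fill)(void *)) {
    uint8_t buf[64];
    memset(hdr, 0xAA, len);      /* stand-in for uninitialized stack contents */
    fill(hdr);
    memcpy(buf, hdr, len);       /* the memcpy that Coverity flags */
    size_t n = 0;
    for (size_t i = 0; i < len; i++) n += (buf[i] == 0xAA);
    return n;
}
size_t leaked_packed(void)   { PackedMsg h;   return leaked_bytes(&h, sizeof h, fill_packed); }
size_t leaked_unpacked(void) { UnpackedMsg h; return leaked_bytes(&h, sizeof h, fill_unpacked); }
```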