[Spice-devel] [linux-agent v1 1/5] virtio-port: initialize struct before memcpy

Victor Toso victortoso at redhat.com
Wed Dec 19 10:14:13 UTC 2018


Hi,

On Tue, Dec 18, 2018 at 12:06:01PM -0500, Frediano Ziglio wrote:
> 
> > 
> > From: Victor Toso <me at victortoso.com>
> > 
> > Found by coverity:
> > 
> >  | uninit_use_in_call: Using uninitialized value "message_header". Field
> >  | "message_header.data" is uninitialized when calling "memcpy".
> > 
> > Signed-off-by: Victor Toso <victortoso at redhat.com>
> 
> This structure is defined as:
> 
> typedef struct SPICE_ATTR_PACKED VDAgentMessage {
>     uint32_t protocol;
>     uint32_t type;
>     uint64_t opaque;
>     uint32_t size;
>     uint8_t data[0];
> } VDAgentMessage;
> 
> so the data field is 0 bytes (note also the packed attribute so there's no
> padding at the end of the structure).
> 
> It's just a false positive on Coverity.

Right, I saw some usage of this in spice-gtk and I thought it was
also done to shut Coverity up.
 
> > ---
> >  src/vdagentd/virtio-port.c | 2 +-
> >  1 file changed, 1 insertion(+), 1 deletion(-)
> > 
> > diff --git a/src/vdagentd/virtio-port.c b/src/vdagentd/virtio-port.c
> > index e48d107..7b148d5 100644
> > --- a/src/vdagentd/virtio-port.c
> > +++ b/src/vdagentd/virtio-port.c
> > @@ -198,7 +198,7 @@ void vdagent_virtio_port_write_start(
> >  {
> >      struct vdagent_virtio_port_buf *wbuf, *new_wbuf;
> >      VDIChunkHeader chunk_header;
> > -    VDAgentMessage message_header;
> > +    VDAgentMessage message_header = { 0, };
> >  
> >      new_wbuf = g_new(struct vdagent_virtio_port_buf, 1);
> >      new_wbuf->pos = 0;
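Review bot: the added "VDAgentMessage message_header = { 0, };" line silences the Coverity report quoted in the commit message rather than fixing an uninitialized read. With the packed layout and zero-length data[0] quoted later in the thread, the four field assignments that precede the memcpy already cover every byte of message_header, so the initializer is redundant. If it is kept for the analyzer's sake, a short comment on that line (for instance "/* zero-init only to quiet Coverity; data[0] occupies no storage */") and a commit title that says it addresses a false positive would stop the next reader from hunting for a real bug. The trailing comma in "{ 0, }" is legal; "{ 0 }" is equivalent.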
> 
> Why not replacing
> 
>     message_header.protocol = GUINT32_TO_LE(VD_AGENT_PROTOCOL);
>     message_header.type = GUINT32_TO_LE(message_type);
>     message_header.opaque = GUINT64_TO_LE(message_opaque);
>     message_header.size = GUINT32_TO_LE(data_size);
>     memcpy(new_wbuf->buf + new_wbuf->write_pos, &message_header,
>            sizeof(message_header));
> 
> with
> 
>     VDAgentMessage *message_header = (VDAgentMessage *) (new_wbuf->buf + new_wbuf->write_pos);
>     message_header->protocol = GUINT32_TO_LE(VD_AGENT_PROTOCOL);
>     message_header->type = GUINT32_TO_LE(message_type);
>     message_header->opaque = GUINT64_TO_LE(message_opaque);
>     message_header->size = GUINT32_TO_LE(data_size);
> 
> (need to change other message_header usages too, chunk_header could be changed in a similar way) ?

If you think it is better, feel free to send the patch.

> 
> Frediano

Thanks again,
Victor
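The two ways of emitting the header that the thread compares, as an added example that is not code from the vdagent tree: the patch's variant (fill a stack struct, then memcpy it) and Frediano's variant (cast the destination and assign in place). It writes both at an odd offset into poisoned heap buffers and checks that the bytes agree, are complete, and are little-endian. Assumptions, not taken from the page: SPICE_ATTR_PACKED is GCC's packed attribute, VD_AGENT_PROTOCOL is 1, and to_le32/to_le64 stand in for GUINT32_TO_LE/GUINT64_TO_LE; the message type, opaque value and size are constructed inputs.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-ins for what spice-protocol and glib provide in the real
 * source. Assumption: SPICE_ATTR_PACKED is GCC's packed attribute and
 * VD_AGENT_PROTOCOL is 1; both are illustrative, not taken from the thread. */
#define SPICE_ATTR_PACKED __attribute__((__packed__))
#define VD_AGENT_PROTOCOL 1u

/* Layout quoted in the thread: 4 + 4 + 8 + 4 = 20 bytes, no tail padding,
 * and a zero-length trailing array that occupies no storage. */
typedef struct SPICE_ATTR_PACKED VDAgentMessage {
    uint32_t protocol;
    uint32_t type;
    uint64_t opaque;
    uint32_t size;
    uint8_t data[0];
} VDAgentMessage;

/* Stand-ins for GUINT32_TO_LE / GUINT64_TO_LE: identity on a little-endian
 * host, a byte swap otherwise. */
static int host_is_little_endian(void)
{
    const union { uint16_t u; uint8_t b[2]; } probe = { 1 };
    return probe.b[0] == 1;
}
static uint32_t to_le32(uint32_t v) { return host_is_little_endian() ? v : __builtin_bswap32(v); }
static uint64_t to_le64(uint64_t v) { return host_is_little_endian() ? v : __builtin_bswap64(v); }

/* Variant used by the patch: build the header in a stack struct, then copy it. */
static size_t write_header_memcpy(uint8_t *dst, uint32_t type, uint64_t opaque, uint32_t size)
{
    VDAgentMessage message_header = { 0, };  /* the zero-init the patch adds */
    message_header.protocol = to_le32(VD_AGENT_PROTOCOL);
    message_header.type = to_le32(type);
    message_header.opaque = to_le64(opaque);
    message_header.size = to_le32(size);
    memcpy(dst, &message_header, sizeof(message_header));
    return sizeof(message_header);
}

/* Variant Frediano proposes: point a struct at the destination and assign the
 * fields in place; no temporary, so nothing can be left uninitialized.
 * Relies on the packed attribute (alignment 1) so dst may be unaligned. */
static size_t write_header_inplace(uint8_t *dst, uint32_t type, uint64_t opaque, uint32_t size)
{
    VDAgentMessage *message_header = (VDAgentMessage *) dst;
    message_header->protocol = to_le32(VD_AGENT_PROTOCOL);
    message_header->type = to_le32(type);
    message_header->opaque = to_le64(opaque);
    message_header->size = to_le32(size);
    return sizeof(*message_header);
}

/* Writes the same constructed header at an odd offset with both variants into
 * poisoned, heap-allocated buffers (heap, so the in-place struct store stays
 * within C's effective-type rules) and checks the bytes are identical,
 * complete and little-endian. Returns 1 on success, 0 on any mismatch. */
static int headers_match(void)
{
    const size_t pos = 3, len = 64;
    const uint64_t opaque = 0x1122334455667788ULL;
    uint8_t *a = malloc(len), *b = malloc(len);
    int ok = 0;

    if (a && b) {
        memset(a, 0xAA, len);   /* poison: any unwritten byte stays 0xAA */
        memset(b, 0xAA, len);
        size_t na = write_header_memcpy(a + pos, 7, opaque, 16);
        size_t nb = write_header_inplace(b + pos, 7, opaque, 16);
        ok = na == 20 && nb == 20
          && memcmp(a, b, len) == 0                       /* both variants agree byte for byte */
          && a[pos] == 0x01 && a[pos + 4] == 0x07         /* protocol, type (LE) */
          && a[pos + 8] == 0x88 && a[pos + 15] == 0x11    /* opaque LE: low byte first */
          && a[pos + 16] == 0x10                          /* size */
          && a[pos - 1] == 0xAA && a[pos + 20] == 0xAA;   /* neighbours untouched */
    }
    free(a);
    free(b);
    return ok;
}

int main(void)
{
    printf("sizeof(VDAgentMessage) = %zu\n", sizeof(VDAgentMessage));
    printf("headers match: %s\n", headers_match() ? "yes" : "no");
    return headers_match() ? 0 : 1;
}
```

The poisoned buffers make the point of the discussion concrete: because data[0] has no storage and the struct is packed, the four assignments cover all 20 bytes, so the "= { 0, }" initializer changes nothing in the output. The in-place variant removes the temporary altogether, at the cost of depending on the packed attribute for the unaligned store through the cast pointer.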