[Spice-devel] [PATCH vd_agent_linux] virtio-port: Avoid temporary buffers

Frediano Ziglio fziglio at redhat.com
Wed Dec 19 13:23:43 UTC 2018


Modify directly the new_wbuf->buf buffer instead of writing into
a temporary buffer and then copy in the final one.
This also fixes Coverity warning:

 | uninit_use_in_call: Using uninitialized value "message_header". Field
 | "message_header.data" is uninitialized when calling "memcpy".

Signed-off-by: Frediano Ziglio <fziglio at redhat.com>
---
 src/vdagentd/virtio-port.c | 30 ++++++++++++++----------------
 1 file changed, 14 insertions(+), 16 deletions(-)

diff --git a/src/vdagentd/virtio-port.c b/src/vdagentd/virtio-port.c
index e48d107..c037603 100644
--- a/src/vdagentd/virtio-port.c
+++ b/src/vdagentd/virtio-port.c
@@ -197,29 +197,27 @@ void vdagent_virtio_port_write_start(
         uint32_t data_size)
 {
     struct vdagent_virtio_port_buf *wbuf, *new_wbuf;
-    VDIChunkHeader chunk_header;
-    VDAgentMessage message_header;
+    VDIChunkHeader *chunk_header;
+    VDAgentMessage *message_header;
 
     new_wbuf = g_new(struct vdagent_virtio_port_buf, 1);
     new_wbuf->pos = 0;
     new_wbuf->write_pos = 0;
-    new_wbuf->size = sizeof(chunk_header) + sizeof(message_header) + data_size;
+    new_wbuf->size = sizeof(*chunk_header) + sizeof(*message_header) + data_size;
     new_wbuf->next = NULL;
     new_wbuf->buf = g_malloc(new_wbuf->size);
 
-    chunk_header.port = GUINT32_TO_LE(port_nr);
-    chunk_header.size = GUINT32_TO_LE(sizeof(message_header) + data_size);
-    memcpy(new_wbuf->buf + new_wbuf->write_pos, &chunk_header,
-           sizeof(chunk_header));
-    new_wbuf->write_pos += sizeof(chunk_header);
-
-    message_header.protocol = GUINT32_TO_LE(VD_AGENT_PROTOCOL);
-    message_header.type = GUINT32_TO_LE(message_type);
-    message_header.opaque = GUINT64_TO_LE(message_opaque);
-    message_header.size = GUINT32_TO_LE(data_size);
-    memcpy(new_wbuf->buf + new_wbuf->write_pos, &message_header,
-           sizeof(message_header));
-    new_wbuf->write_pos += sizeof(message_header);
+    chunk_header = (VDIChunkHeader *) (new_wbuf->buf + new_wbuf->write_pos);
+    chunk_header->port = GUINT32_TO_LE(port_nr);
+    chunk_header->size = GUINT32_TO_LE(sizeof(*message_header) + data_size);
+    new_wbuf->write_pos += sizeof(*chunk_header);
+
+    message_header = (VDAgentMessage *) (new_wbuf->buf + new_wbuf->write_pos);
+    message_header->protocol = GUINT32_TO_LE(VD_AGENT_PROTOCOL);
+    message_header->type = GUINT32_TO_LE(message_type);
+    message_header->opaque = GUINT64_TO_LE(message_opaque);
+    message_header->size = GUINT32_TO_LE(data_size);
+    new_wbuf->write_pos += sizeof(*message_header);
 
     if (!vport->write_buf) {
         vport->write_buf = new_wbuf;
-- 
2.17.2



More information about the Spice-devel mailing list