[Spice-devel] [PATCH vd_agent_linux 1/7] virtio-port: Avoid temporary buffers

Thu Jan 3 16:39:05 UTC 2019

Acked-by: Jonathon Jongsma <jjongsma at redhat.com>


On Thu, 2019-01-03 at 10:02 +0000, Frediano Ziglio wrote:
> Modify directly the new_wbuf->buf buffer instead of writing into
> a temporary buffer and then copy in the final one.
> This also fixes Coverity warning:
> 
>  | uninit_use_in_call: Using uninitialized value "message_header".
> Field
>  | "message_header.data" is uninitialized when calling "memcpy".
> 
> Signed-off-by: Frediano Ziglio <fziglio at redhat.com>
> ---
>  src/vdagentd/virtio-port.c | 30 ++++++++++++++----------------
>  1 file changed, 14 insertions(+), 16 deletions(-)
> 
> diff --git a/src/vdagentd/virtio-port.c b/src/vdagentd/virtio-port.c
> index e48d107..c037603 100644
> --- a/src/vdagentd/virtio-port.c
> +++ b/src/vdagentd/virtio-port.c
> @@ -197,29 +197,27 @@ void vdagent_virtio_port_write_start(
>          uint32_t data_size)
>  {
>      struct vdagent_virtio_port_buf *wbuf, *new_wbuf;
> -    VDIChunkHeader chunk_header;
> -    VDAgentMessage message_header;
> +    VDIChunkHeader *chunk_header;
> +    VDAgentMessage *message_header;
>  
>      new_wbuf = g_new(struct vdagent_virtio_port_buf, 1);
>      new_wbuf->pos = 0;
>      new_wbuf->write_pos = 0;
> -    new_wbuf->size = sizeof(chunk_header) + sizeof(message_header) +
> data_size;
> +    new_wbuf->size = sizeof(*chunk_header) + sizeof(*message_header)
> + data_size;
>      new_wbuf->next = NULL;
>      new_wbuf->buf = g_malloc(new_wbuf->size);
>  
> -    chunk_header.port = GUINT32_TO_LE(port_nr);
> -    chunk_header.size = GUINT32_TO_LE(sizeof(message_header) +
> data_size);
> -    memcpy(new_wbuf->buf + new_wbuf->write_pos, &chunk_header,
> -           sizeof(chunk_header));
> -    new_wbuf->write_pos += sizeof(chunk_header);
> -
> -    message_header.protocol = GUINT32_TO_LE(VD_AGENT_PROTOCOL);
> -    message_header.type = GUINT32_TO_LE(message_type);
> -    message_header.opaque = GUINT64_TO_LE(message_opaque);
> -    message_header.size = GUINT32_TO_LE(data_size);
> -    memcpy(new_wbuf->buf + new_wbuf->write_pos, &message_header,
> -           sizeof(message_header));
> -    new_wbuf->write_pos += sizeof(message_header);
> +    chunk_header = (VDIChunkHeader *) (new_wbuf->buf + new_wbuf-
> >write_pos);
> +    chunk_header->port = GUINT32_TO_LE(port_nr);
> +    chunk_header->size = GUINT32_TO_LE(sizeof(*message_header) +
> data_size);
> +    new_wbuf->write_pos += sizeof(*chunk_header);
> +
> +    message_header = (VDAgentMessage *) (new_wbuf->buf + new_wbuf-
> >write_pos);
> +    message_header->protocol = GUINT32_TO_LE(VD_AGENT_PROTOCOL);
> +    message_header->type = GUINT32_TO_LE(message_type);
> +    message_header->opaque = GUINT64_TO_LE(message_opaque);
> +    message_header->size = GUINT32_TO_LE(data_size);
> +    new_wbuf->write_pos += sizeof(*message_header);
>  
>      if (!vport->write_buf) {
>          vport->write_buf = new_wbuf;