From: Gerd Hoffmann <kraxel@redhat.com>
To: Stefan Hajnoczi <stefanha@redhat.com>
Cc: Laurent Vivier <lvivier@redhat.com>,
Kevin Wolf <kwolf@redhat.com>, Thomas Huth <thuth@redhat.com>,
qemu-block@nongnu.org, qemu-devel@nongnu.org,
Coiby Xu <Coiby.Xu@gmail.com>,
Paolo Bonzini <pbonzini@redhat.com>
Subject: Re: [PATCH 3/3] ui/vdagent: fix clipboard info memory leak in error path
Date: Fri, 28 May 2021 09:06:41 +0200 [thread overview]
Message-ID: <20210528070641.4ysnvhbvvcd4glti@sirius.home.kraxel.org> (raw)
In-Reply-To: <20210526091248.434459-4-stefanha@redhat.com>
On Wed, May 26, 2021 at 10:12:48AM +0100, Stefan Hajnoczi wrote:
> If the size of a VD_AGENT_CLIPBOARD_GRAB message is invalid we leak info
> when returning early.
>
> Thanks to Coverity for spotting this:
>
> *** CID 1453266: Resource leaks (RESOURCE_LEAK)
> /qemu/ui/vdagent.c: 465 in vdagent_chr_recv_clipboard()
> 459 info = qemu_clipboard_info_new(&vd->cbpeer, s);
> 460 if (size > sizeof(uint32_t) * 10) {
> 461 /*
> 462 * spice has 6 types as of 2021. Limiting to 10 entries
> 463 * so we we have some wiggle room.
> 464 */
> >>> CID 1453266: Resource leaks (RESOURCE_LEAK)
> >>> Variable "info" going out of scope leaks the storage it points to.
> 465 return;
> 466 }
> 467 while (size >= sizeof(uint32_t)) {
> 468 trace_vdagent_cb_grab_type(GET_NAME(type_name, *(uint32_t *)data));
> 469 switch (*(uint32_t *)data) {
> 470 case VD_AGENT_CLIPBOARD_UTF8_TEXT:
>
> Fixes: f0349f4d8947ad32d0fa4678cbf5dbb356fcbda1 ("ui/vdagent: add clipboard support")
> Cc: Gerd Hoffmann <kraxel@redhat.com>
> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Gerd Hoffmann <kraxel@redhat.com>
prev parent reply other threads:[~2021-05-28 7:07 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-05-26 9:12 [PATCH 0/3] vhost-user-blk-test and vdagent Coverity fixes Stefan Hajnoczi
2021-05-26 9:12 ` [PATCH 1/3] vhost-user-blk-test: fix Coverity open(2) false positives Stefan Hajnoczi
2021-05-30 19:05 ` Peter Maydell
2021-06-01 15:36 ` Stefan Hajnoczi
2021-05-26 9:12 ` [PATCH 2/3] vhost-user-blk-test: fix Coverity mkstemp(2) umask warning Stefan Hajnoczi
2021-05-30 19:01 ` Peter Maydell
2021-06-01 15:36 ` Stefan Hajnoczi
2021-05-26 9:12 ` [PATCH 3/3] ui/vdagent: fix clipboard info memory leak in error path Stefan Hajnoczi
2021-05-28 7:06 ` Gerd Hoffmann [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210528070641.4ysnvhbvvcd4glti@sirius.home.kraxel.org \
--to=kraxel@redhat.com \
--cc=Coiby.Xu@gmail.com \
--cc=kwolf@redhat.com \
--cc=lvivier@redhat.com \
--cc=pbonzini@redhat.com \
--cc=qemu-block@nongnu.org \
--cc=qemu-devel@nongnu.org \
--cc=stefanha@redhat.com \
--cc=thuth@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.