From: Eric Auger <eric.auger@redhat.com>
To: eric.auger.pro@gmail.com, eric.auger@redhat.com,
qemu-devel@nongnu.org, qemu-arm@nongnu.org,
peter.maydell@linaro.org
Subject: [Qemu-devel] [PATCH 1/2] hw/arm/smmuv3: Fix Coverity issue in smmuv3_record_event
Date: Wed, 16 May 2018 14:03:03 -0400 [thread overview]
Message-ID: <1526493784-25328-2-git-send-email-eric.auger@redhat.com> (raw)
In-Reply-To: <1526493784-25328-1-git-send-email-eric.auger@redhat.com>
Coverity complains about use of uninitialized Evt struct.
The EVT_SET_TYPE and similar setters use deposit32() on fields
in the struct, so they read the uninitialized existing values.
In cases where we don't set all the fields in the event struct
we'll end up leaking random uninitialized data from QEMU's
stack into the guest.
Initializing the struct with "Evt evt = {};" ought to satisfy
Coverity and fix the data leak.
Signed-off-by: Eric Auger <eric.auger@redhat.com>
Reported-by: Peter Maydell <peter.maydell@linaro.org>
---
hw/arm/smmuv3.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/hw/arm/smmuv3.c b/hw/arm/smmuv3.c
index b3026de..42dc521 100644
--- a/hw/arm/smmuv3.c
+++ b/hw/arm/smmuv3.c
@@ -143,7 +143,7 @@ static MemTxResult smmuv3_write_eventq(SMMUv3State *s, Evt *evt)
void smmuv3_record_event(SMMUv3State *s, SMMUEventInfo *info)
{
- Evt evt;
+ Evt evt = {};
MemTxResult r;
if (!smmuv3_eventq_enabled(s)) {
--
1.8.3.1
next prev parent reply other threads:[~2018-05-16 13:59 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-05-16 18:03 [Qemu-devel] [PATCH 0/2] ARM SMMUv3: Fix a couple of Coverity issues Eric Auger
2018-05-16 18:03 ` Eric Auger [this message]
2018-05-16 16:02 ` [Qemu-devel] [Qemu-arm] [PATCH 1/2] hw/arm/smmuv3: Fix Coverity issue in smmuv3_record_event Philippe Mathieu-Daudé
2018-05-16 18:03 ` [Qemu-devel] [PATCH 2/2] hw/arm/smmu-common: Fix coverity issue in get_block_pte_address Eric Auger
2018-05-16 16:16 ` [Qemu-devel] [Qemu-arm] " Philippe Mathieu-Daudé
2018-05-16 16:23 ` Peter Maydell
2018-05-16 20:01 ` Philippe Mathieu-Daudé
2018-05-17 7:07 ` Auger Eric
2018-05-17 15:37 ` [Qemu-devel] [PATCH 0/2] ARM SMMUv3: Fix a couple of Coverity issues Peter Maydell
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1526493784-25328-2-git-send-email-eric.auger@redhat.com \
--to=eric.auger@redhat.com \
--cc=eric.auger.pro@gmail.com \
--cc=peter.maydell@linaro.org \
--cc=qemu-arm@nongnu.org \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.