* [PATCH v2 0/3] Fix some coverity issues on VDUSE
@ 2022-07-06 9:56 Xie Yongji
2022-07-06 9:56 ` [PATCH v2 1/3] libvduse: Fix the incorrect function name Xie Yongji
` (4 more replies)
0 siblings, 5 replies; 6+ messages in thread
From: Xie Yongji @ 2022-07-06 9:56 UTC (permalink / raw)
To: kwolf, stefanha, armbru, richard.henderson; +Cc: qemu-block, qemu-devel
This series fixes some issues reported by coverity.
Patch 1 fixes a incorrect function name.
Patch 2 fixes Coverity CID 1490224.
Patch 3 fixes Coverity CID 1490226, 1490223.
V1 to V2:
- Drop the patch to fix Coverity CID 1490222, 1490227 [Markus]
- Add some commit log to explain why we don't use g_strlcpy() [Markus]
Xie Yongji (3):
libvduse: Fix the incorrect function name
libvduse: Replace strcpy() with strncpy()
libvduse: Pass positive value to strerror()
subprojects/libvduse/libvduse.c | 13 +++++++------
1 file changed, 7 insertions(+), 6 deletions(-)
--
2.20.1
^ permalink raw reply [flat|nested] 6+ messages in thread
* [PATCH v2 1/3] libvduse: Fix the incorrect function name
2022-07-06 9:56 [PATCH v2 0/3] Fix some coverity issues on VDUSE Xie Yongji
@ 2022-07-06 9:56 ` Xie Yongji
2022-07-06 9:56 ` [PATCH v2 2/3] libvduse: Replace strcpy() with strncpy() Xie Yongji
` (3 subsequent siblings)
4 siblings, 0 replies; 6+ messages in thread
From: Xie Yongji @ 2022-07-06 9:56 UTC (permalink / raw)
To: kwolf, stefanha, armbru, richard.henderson; +Cc: qemu-block, qemu-devel
In vduse_name_is_valid(), we actually check whether
the name is invalid or not. So let's change the
function name to vduse_name_is_invalid() to match
the behavior.
Signed-off-by: Xie Yongji <xieyongji@bytedance.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
---
subprojects/libvduse/libvduse.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/subprojects/libvduse/libvduse.c b/subprojects/libvduse/libvduse.c
index 9a2bcec282..6374933881 100644
--- a/subprojects/libvduse/libvduse.c
+++ b/subprojects/libvduse/libvduse.c
@@ -1193,7 +1193,7 @@ static int vduse_dev_init(VduseDev *dev, const char *name,
return 0;
}
-static inline bool vduse_name_is_valid(const char *name)
+static inline bool vduse_name_is_invalid(const char *name)
{
return strlen(name) >= VDUSE_NAME_MAX || strstr(name, "..");
}
@@ -1242,7 +1242,7 @@ VduseDev *vduse_dev_create_by_name(const char *name, uint16_t num_queues,
VduseDev *dev;
int ret;
- if (!name || vduse_name_is_valid(name) || !ops ||
+ if (!name || vduse_name_is_invalid(name) || !ops ||
!ops->enable_queue || !ops->disable_queue) {
fprintf(stderr, "Invalid parameter for vduse\n");
return NULL;
@@ -1276,7 +1276,7 @@ VduseDev *vduse_dev_create(const char *name, uint32_t device_id,
struct vduse_dev_config *dev_config;
size_t size = offsetof(struct vduse_dev_config, config);
- if (!name || vduse_name_is_valid(name) ||
+ if (!name || vduse_name_is_invalid(name) ||
!has_feature(features, VIRTIO_F_VERSION_1) || !config ||
!config_size || !ops || !ops->enable_queue || !ops->disable_queue) {
fprintf(stderr, "Invalid parameter for vduse\n");
--
2.20.1
^ permalink raw reply related [flat|nested] 6+ messages in thread
* [PATCH v2 2/3] libvduse: Replace strcpy() with strncpy()
2022-07-06 9:56 [PATCH v2 0/3] Fix some coverity issues on VDUSE Xie Yongji
2022-07-06 9:56 ` [PATCH v2 1/3] libvduse: Fix the incorrect function name Xie Yongji
@ 2022-07-06 9:56 ` Xie Yongji
2022-07-06 9:56 ` [PATCH v2 3/3] libvduse: Pass positive value to strerror() Xie Yongji
` (2 subsequent siblings)
4 siblings, 0 replies; 6+ messages in thread
From: Xie Yongji @ 2022-07-06 9:56 UTC (permalink / raw)
To: kwolf, stefanha, armbru, richard.henderson; +Cc: qemu-block, qemu-devel
Coverity reported a string overflow issue since we copied
"name" to "dev_config->name" without checking the length.
This should be a false positive since we already checked
the length of "name" in vduse_name_is_invalid(). But anyway,
let's replace strcpy() with strncpy() (as a general library,
we'd like to minimize dependencies on other libraries, so we
didn't use g_strlcpy() here) to fix the coverity complaint.
Fixes: Coverity CID 1490224
Signed-off-by: Xie Yongji <xieyongji@bytedance.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
---
subprojects/libvduse/libvduse.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/subprojects/libvduse/libvduse.c b/subprojects/libvduse/libvduse.c
index 6374933881..1e36227388 100644
--- a/subprojects/libvduse/libvduse.c
+++ b/subprojects/libvduse/libvduse.c
@@ -1309,7 +1309,8 @@ VduseDev *vduse_dev_create(const char *name, uint32_t device_id,
goto err_dev;
}
- strcpy(dev_config->name, name);
+ strncpy(dev_config->name, name, VDUSE_NAME_MAX);
+ dev_config->name[VDUSE_NAME_MAX - 1] = '\0';
dev_config->device_id = device_id;
dev_config->vendor_id = vendor_id;
dev_config->features = features;
--
2.20.1
^ permalink raw reply related [flat|nested] 6+ messages in thread
* [PATCH v2 3/3] libvduse: Pass positive value to strerror()
2022-07-06 9:56 [PATCH v2 0/3] Fix some coverity issues on VDUSE Xie Yongji
2022-07-06 9:56 ` [PATCH v2 1/3] libvduse: Fix the incorrect function name Xie Yongji
2022-07-06 9:56 ` [PATCH v2 2/3] libvduse: Replace strcpy() with strncpy() Xie Yongji
@ 2022-07-06 9:56 ` Xie Yongji
2022-07-29 15:22 ` [PATCH v2 0/3] Fix some coverity issues on VDUSE Peter Maydell
2022-08-02 9:07 ` Kevin Wolf
4 siblings, 0 replies; 6+ messages in thread
From: Xie Yongji @ 2022-07-06 9:56 UTC (permalink / raw)
To: kwolf, stefanha, armbru, richard.henderson; +Cc: qemu-block, qemu-devel
The value passed to strerror() should be positive.
So let's fix it.
Fixes: Coverity CID 1490226, 1490223
Signed-off-by: Xie Yongji <xieyongji@bytedance.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
---
subprojects/libvduse/libvduse.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/subprojects/libvduse/libvduse.c b/subprojects/libvduse/libvduse.c
index 1e36227388..1a5981445c 100644
--- a/subprojects/libvduse/libvduse.c
+++ b/subprojects/libvduse/libvduse.c
@@ -1257,7 +1257,7 @@ VduseDev *vduse_dev_create_by_name(const char *name, uint16_t num_queues,
ret = vduse_dev_init(dev, name, num_queues, ops, priv);
if (ret < 0) {
fprintf(stderr, "Failed to init vduse device %s: %s\n",
- name, strerror(ret));
+ name, strerror(-ret));
free(dev);
return NULL;
}
@@ -1331,7 +1331,7 @@ VduseDev *vduse_dev_create(const char *name, uint32_t device_id,
ret = vduse_dev_init(dev, name, num_queues, ops, priv);
if (ret < 0) {
fprintf(stderr, "Failed to init vduse device %s: %s\n",
- name, strerror(ret));
+ name, strerror(-ret));
goto err;
}
--
2.20.1
^ permalink raw reply related [flat|nested] 6+ messages in thread
* Re: [PATCH v2 0/3] Fix some coverity issues on VDUSE
2022-07-06 9:56 [PATCH v2 0/3] Fix some coverity issues on VDUSE Xie Yongji
` (2 preceding siblings ...)
2022-07-06 9:56 ` [PATCH v2 3/3] libvduse: Pass positive value to strerror() Xie Yongji
@ 2022-07-29 15:22 ` Peter Maydell
2022-08-02 9:07 ` Kevin Wolf
4 siblings, 0 replies; 6+ messages in thread
From: Peter Maydell @ 2022-07-29 15:22 UTC (permalink / raw)
To: Xie Yongji
Cc: kwolf, stefanha, armbru, richard.henderson, qemu-block, qemu-devel
On Wed, 6 Jul 2022 at 11:18, Xie Yongji <xieyongji@bytedance.com> wrote:
>
> This series fixes some issues reported by coverity.
>
> Patch 1 fixes a incorrect function name.
>
> Patch 2 fixes Coverity CID 1490224.
>
> Patch 3 fixes Coverity CID 1490226, 1490223.
>
> V1 to V2:
> - Drop the patch to fix Coverity CID 1490222, 1490227 [Markus]
> - Add some commit log to explain why we don't use g_strlcpy() [Markus]
>
> Xie Yongji (3):
> libvduse: Fix the incorrect function name
> libvduse: Replace strcpy() with strncpy()
> libvduse: Pass positive value to strerror()
>
> subprojects/libvduse/libvduse.c | 13 +++++++------
> 1 file changed, 7 insertions(+), 6 deletions(-)
Hi -- these patches still don't seem to be in git. What
is the plan for getting them in ?
thanks
-- PMM
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH v2 0/3] Fix some coverity issues on VDUSE
2022-07-06 9:56 [PATCH v2 0/3] Fix some coverity issues on VDUSE Xie Yongji
` (3 preceding siblings ...)
2022-07-29 15:22 ` [PATCH v2 0/3] Fix some coverity issues on VDUSE Peter Maydell
@ 2022-08-02 9:07 ` Kevin Wolf
4 siblings, 0 replies; 6+ messages in thread
From: Kevin Wolf @ 2022-08-02 9:07 UTC (permalink / raw)
To: Xie Yongji; +Cc: stefanha, armbru, richard.henderson, qemu-block, qemu-devel
Am 06.07.2022 um 11:56 hat Xie Yongji geschrieben:
> This series fixes some issues reported by coverity.
>
> Patch 1 fixes a incorrect function name.
>
> Patch 2 fixes Coverity CID 1490224.
>
> Patch 3 fixes Coverity CID 1490226, 1490223.
>
> V1 to V2:
> - Drop the patch to fix Coverity CID 1490222, 1490227 [Markus]
> - Add some commit log to explain why we don't use g_strlcpy() [Markus]
Thanks, applied to the block branch.
Kevin
^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2022-08-02 9:34 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-07-06 9:56 [PATCH v2 0/3] Fix some coverity issues on VDUSE Xie Yongji
2022-07-06 9:56 ` [PATCH v2 1/3] libvduse: Fix the incorrect function name Xie Yongji
2022-07-06 9:56 ` [PATCH v2 2/3] libvduse: Replace strcpy() with strncpy() Xie Yongji
2022-07-06 9:56 ` [PATCH v2 3/3] libvduse: Pass positive value to strerror() Xie Yongji
2022-07-29 15:22 ` [PATCH v2 0/3] Fix some coverity issues on VDUSE Peter Maydell
2022-08-02 9:07 ` Kevin Wolf
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.