From: Eric Blake
Date: Mon, 7 Dec 2015 10:51:46 -0700
Message-ID: <5665C732.4010107@redhat.com>
In-Reply-To: <1449508029-14664-1-git-send-email-rkagan@virtuozzo.com>
References: <1449508029-14664-1-git-send-email-rkagan@virtuozzo.com>
Subject: Re: [Qemu-devel] [Qemu-block] [PATCH for-2.5] qcow2: always initialize specific image info
To: Roman Kagan, Kevin Wolf, qemu-block@nongnu.org
Cc: Denis Lunev, qemu-devel@nongnu.org

[adding qemu-devel - ALL patches should go to qemu-devel, even if they
are also going to a sub-list like qemu-block]

On 12/07/2015 10:07 AM, Roman Kagan wrote:
> qcow2_get_specific_info() used to have a code path which would leave a
> pointer to ImageInfoSpecificQCow2 uninitialized.
>
> We guess that it caused sporadic crashes on freeing an invalid pointer
> in response to the "query-block" QMP command in
> visit_type_ImageInfoSpecificQCow2 with QapiDeallocVisitor.
>
> Although we have neither a solid proof nor a reproduction scenario,
> making sure the field is initialized appears a reasonable thing to do.
>
> Signed-off-by: Roman Kagan
> ---
>  block/qcow2.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/block/qcow2.c b/block/qcow2.c
> index 88f56c8..67c9d3d 100644
> --- a/block/qcow2.c
> +++ b/block/qcow2.c
> @@ -2739,7 +2739,7 @@ static ImageInfoSpecific *qcow2_get_specific_info(BlockDriverState *bs)
>
>      *spec_info = (ImageInfoSpecific){
>          .type = IMAGE_INFO_SPECIFIC_KIND_QCOW2,
> -        .u.qcow2 = g_new(ImageInfoSpecificQCow2, 1),
> +        .u.qcow2 = g_new0(ImageInfoSpecificQCow2, 1),

NACK. This makes no difference, except when s->qcow_version is out of spec.

>      };
>      if (s->qcow_version == 2) {
>          *spec_info->u.qcow2 = (ImageInfoSpecificQCow2){
>

If s->qcow_version is exactly 2, then we end up initializing all fields
due to the assignment here; same if qcow_version is exactly 3. The only
time qcow2 remains uninitialized is if qcow_version is 0, 1, or > 3; but
we refuse to handle qcow files with out-of-range versions. So I don't
see how you are plugging any uninitialized values; and therefore, I
don't see how this is patching any crashes.

--
Eric Blake   eblake redhat com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org
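Review bot: the `+` line (`.u.qcow2 = g_new0(ImageInfoSpecificQCow2, 1)`) only changes observable behaviour on a path where the `if (s->qcow_version == 2)` assignment that follows it in the context (and, per the reply, the version-3 assignment) is skipped, and the commit message names no such path; it states the crash is a guess with no reproducer. Since g_new0 zero-fills the struct, any pointer members are NULL on that path and the QapiDeallocVisitor free becomes a no-op, so the change would mask an out-of-range version rather than fix a crash, and query-block would then return an all-zero qcow2 section for an image QEMU cannot describe. Suggest either identifying the path that leaves u.qcow2 uninitialized (a query-block run under Valgrind or ASan would confirm or rule out the uninitialized read) or adding an explicit else branch for the unexpected version so the condition is reported instead of silently zero-filled.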