Re: [Qemu-devel] [PATCH 1/2] qemu-char: BUGFIX, don't call FD_ISSET with


From: David Gibson
Subject: Re: [Qemu-devel] [PATCH 1/2] qemu-char: BUGFIX, don't call FD_ISSET with negative fd
Date: Tue, 18 Sep 2012 10:08:52 +1000
User-agent: Mutt/1.5.21 (2010-09-15)

On Mon, Sep 17, 2012 at 01:24:51PM -0500, Anthony Liguori wrote:
> David Gibson <address@hidden> writes:
> 
> > tcp_chr_connect(), unlike for example udp_chr_update_read_handler(), does
> > not check if the fd it is using is valid (>= 0) before passing it to
> > qemu_set_fd_handler2().  If using e.g. a TCP serial port, which is not
> > initially connected, this can result in -1 being passed to FD_ISSET, which
> > has undefined behaviour.  On x86 it seems to harmlessly return 0, but on
> > PowerPC, it causes a fortify buffer overflow error to be thrown.
> >
> > This patch fixes this by putting an extra test in tcp_chr_connect(), and
> > also adds an assert to qemu_set_fd_handler2() to catch other such errors on
> > all platforms, rather than just some.
> >
> > Signed-off-by: David Gibson <address@hidden>
> 
> Applied. Thanks.

Excellent.

Fwiw, I think this one should go into the stable branch, too.

-- 
David Gibson                    | I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
                                | _way_ _around_!
http://www.ozlabs.org/~dgibson
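The guard the patch describes, as an added C example that is not QEMU's code: the not-yet-connected chardev carries fd == -1, and both the handler-install path and the FD_ISSET test refuse such an fd instead of handing it to the macro. The names TcpChar, tcp_chr_connect_checked and fd_isset_checked are hypothetical stand-ins for the functions named in the commit message.

```c
#include <assert.h>
#include <stdio.h>
#include <sys/select.h>

/* Hypothetical stand-in for a TCP chardev: fd stays -1 until a peer connects. */
typedef struct {
    int fd;
    int read_handler_installed;
} TcpChar;

/* FD_ISSET on an fd outside [0, FD_SETSIZE) is undefined behaviour (the
 * fortified glibc build on PowerPC aborts on it), so check the range first. */
int fd_isset_checked(int fd, const fd_set *set)
{
    if (fd < 0 || fd >= FD_SETSIZE) {
        return 0;
    }
    return FD_ISSET(fd, set) ? 1 : 0;
}

/* Stand-in for the set-handler call: reject an invalid fd with -1 rather than
 * registering it (the patch's qemu_set_fd_handler2() uses an assert here). */
int set_fd_handler_checked(TcpChar *chr)
{
    if (chr->fd < 0 || chr->fd >= FD_SETSIZE) {
        return -1;
    }
    chr->read_handler_installed = 1;
    return 0;
}

/* Stand-in for tcp_chr_connect(): the extra test the patch adds lives here,
 * so an unconnected port never reaches the handler-install path at all. */
int tcp_chr_connect_checked(TcpChar *chr)
{
    if (chr->fd < 0) {
        return -1;          /* not connected yet; nothing to poll */
    }
    return set_fd_handler_checked(chr);
}

int main(void)
{
    fd_set rfds;
    TcpChar chr = { -1, 0 };          /* constructed: port not yet connected */
    FD_ZERO(&rfds);
    FD_SET(3, &rfds);                 /* constructed sample fd_set */
    printf("unconnected: connect=%d isset=%d\n",
           tcp_chr_connect_checked(&chr), fd_isset_checked(chr.fd, &rfds));
    chr.fd = 3;                       /* constructed: peer has connected */
    printf("connected:   connect=%d isset=%d\n",
           tcp_chr_connect_checked(&chr), fd_isset_checked(chr.fd, &rfds));
    return 0;
}
```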