From: Andreas Färber
Subject: Re: [Qemu-devel] [PATCH 1/2] qemu-char: BUGFIX, don't call FD_ISSET with negative fd
Date: Tue, 18 Sep 2012 13:29:04 +0200
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:15.0) Gecko/20120825 Thunderbird/15.0

On 18.09.2012 02:08, David Gibson wrote:
> On Mon, Sep 17, 2012 at 01:24:51PM -0500, Anthony Liguori wrote:
>> David Gibson <address@hidden> writes:
>>
>>> tcp_chr_connect(), unlike for example udp_chr_update_read_handler() does
>>> not check if the fd it is using is valid (>= 0) before passing it to
>>> qemu_set_fd_handler2().  If using e.g. a TCP serial port, which is not
>>> initially connected, this can result in -1 being passed to FD_ISSET, which
>>> has undefined behaviour.  On x86 it seems to harmlessly return 0, but on
>>> PowerPC, it causes a fortify buffer overflow error to be thrown.
>>>
>>> This patch fixes this by putting an extra test in tcp_chr_connect(), and
>>> also adds an assert in qemu_set_fd_handler2() to catch other such errors on
>>> all platforms, rather than just some.
>>>
>>> Signed-off-by: David Gibson <address@hidden>
>>
>> Applied. Thanks.
> 
> Excellent.
> 
> Fwiw, I think this one should go into the stable branch, too.

...which you indicate by cc'ing qemu-stable since that is not handled by
Anthony himself.

Queued for stable-0.15.

Andreas

-- 
SUSE LINUX Products GmbH, Maxfeldstr. 5, 90409 Nürnberg, Germany
GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer; HRB 16746 AG Nürnberg
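As an added illustration of the check the quoted patch describes (this is not QEMU's code; set_fd_handler() and chr_connect() are hypothetical stand-ins for qemu_set_fd_handler2() and tcp_chr_connect()), the C below validates a descriptor before it reaches FD_SET/FD_ISSET, which index a fixed-size bit array and are therefore undefined for fd < 0 or fd >= FD_SETSIZE; glibc's fortified versions of those macros abort with a buffer-overflow report instead of silently returning 0, which is the platform difference the commit message notes.

```c
#include <sys/select.h>

/* FD_SET/FD_ISSET compute a word index and bit mask from fd with no
 * bounds check of their own; -1 from a not-yet-connected TCP chardev
 * is exactly the out-of-range value the patch guards against. */
static int fd_in_range(int fd)
{
    return fd >= 0 && fd < FD_SETSIZE;
}

/* Returns 1 if set, 0 if clear, -1 if fd is out of range
 * (a raw FD_ISSET would be undefined behaviour for that case). */
int safe_fd_isset(int fd, fd_set *set)
{
    if (!fd_in_range(fd)) {
        return -1;
    }
    return FD_ISSET(fd, set) ? 1 : 0;
}

/* Returns 0 on success, -1 if fd is out of range. */
int safe_fd_set(int fd, fd_set *set)
{
    if (!fd_in_range(fd)) {
        return -1;
    }
    FD_SET(fd, set);
    return 0;
}

typedef void (*fd_handler)(void *opaque);

struct fd_handler_entry {
    int fd;
    fd_handler read;
    void *opaque;
    int registered;
};

/* Hypothetical stand-in for qemu_set_fd_handler2(): where the patch adds
 * an assert, this rejects a negative fd with an error return. */
int set_fd_handler(struct fd_handler_entry *e, int fd, fd_handler read,
                   void *opaque)
{
    if (fd < 0) {
        return -1;
    }
    e->fd = fd;
    e->read = read;
    e->opaque = opaque;
    e->registered = 1;
    return 0;
}

/* Hypothetical stand-in for tcp_chr_connect(): an unconnected TCP chardev
 * carries fd == -1, so skip registration rather than pass -1 downstream. */
int chr_connect(struct fd_handler_entry *e, int fd, fd_handler read,
                void *opaque)
{
    if (fd < 0) {
        return 0; /* nothing to watch until the peer connects */
    }
    return set_fd_handler(e, fd, read, opaque);
}
```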
