From: Stefan Hajnoczi
Subject: Re: [PATCH v16 08/20] io: add qio_channel_readv_full_all_eof & qio_channel_readv_full_all helpers
Date: Tue, 12 Jan 2021 11:15:37 +0000

On Mon, Jan 11, 2021 at 12:05:53AM -0500, Jagannathan Raman wrote:
> @@ -112,20 +132,36 @@ int qio_channel_readv_all_eof(QIOChannel *ioc,
> qio_channel_wait(ioc, G_IO_IN);
> }
> continue;
> - } else if (len < 0) {
> - goto cleanup;
> - } else if (len == 0) {
> - if (partial) {
> - error_setg(errp,
> - "Unexpected end-of-file before all bytes were
> read");
> - } else {
> - ret = 0;
> + }
> +
> + if (len <= 0) {
> + size_t fd_idx = nfds ? *nfds : 0;

This loads uninitialized memory when len < 0 and the caller has not
initialized *nfds because qio_channel_readv_full() does not set *nfds =
0 in the failure case.

qio_channel_readv_full() should clear nfds at the start of the function:

    if (nfds) {
        *nfds = 0;
    }

> + if (len == 0) {
> + if (partial) {
> + error_setg(errp,
> + "Unexpected end-of-file before all bytes were
> read");
> + } else {
> + ret = 0;
> + }
> + }
> +
> + while (fds && fd_idx) {
> + close(*fds[fd_idx - 1]);

The type of fds is int **. Taking operator precedence into account, we
get:

    int *ptr = fds[fd_idx - 1]; /* fds = {&int1, &int2, &int3, ...} */
    close(*ptr);

That is not the intended behavior. I think this should be:

    close((*fds)[fd_idx - 1]);

> + fd_idx--;
> + }
> +
> + if (fds) {
> + g_free(*fds);
> }
> +
> goto cleanup;
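
Review bot: In the cleanup block, `while (fds && fd_idx)` tests `fds` but never `*fds`, while `fd_idx` is taken from `*nfds` independently, so a non-zero count paired with a NULL array pointer reaches the `close(...)` dereference. Wrapping the close loop and `g_free(*fds)` in a single `if (fds && *fds)` would make both depend on the array actually being present.
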
Please clear fds and nfds so there is no way the caller can accidentally
use the freed values.
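
The cleanup pattern discussed in this review, as an added example that is not part of the original message or of QEMU's code: it indexes through the `int **` out-parameter with `(*fds)[i]` and resets both out-parameters after freeing. The names `release_fds`, `fd_is_closed` and `demo_release` are hypothetical, and `malloc`/`free` stand in for the GLib allocator.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdlib.h>
#include <unistd.h>

/* Hypothetical helper (not a QEMU function): release an fd array handed
 * back through out-parameters and leave nothing stale for the caller. */
static void release_fds(int **fds, size_t *nfds)
{
    size_t n = nfds ? *nfds : 0;

    if (fds && *fds) {
        while (n > 0) {
            /* (*fds)[i] dereferences the out-parameter, then indexes the
             * array; *fds[i] would index the int ** itself first. */
            close((*fds)[n - 1]);
            n--;
        }
        free(*fds);       /* malloc/free stand in for g_malloc/g_free */
        *fds = NULL;
    }
    if (nfds) {
        *nfds = 0;
    }
}

/* Returns 1 if fd is no longer open in this process. */
static int fd_is_closed(int fd)
{
    return fcntl(fd, F_GETFD) == -1 && errno == EBADF;
}

/* Constructed scenario: two pipe fds stand in for fds received over a
 * channel before the read fails. Returns 0 when cleanup was complete. */
static int demo_release(void)
{
    int p[2], a, b;
    int *fds = malloc(2 * sizeof(*fds));
    size_t nfds = 2;

    if (!fds || pipe(p) != 0) { free(fds); return -1; }
    fds[0] = a = p[0];
    fds[1] = b = p[1];
    release_fds(&fds, &nfds);
    if (!fd_is_closed(a) || !fd_is_closed(b)) return 1;
    return (fds == NULL && nfds == 0) ? 0 : 2;
}

int main(void) { return demo_release(); }
```

Because the helper clears `*fds` and `*nfds`, calling it a second time on the same variables is a no-op rather than a double close or double free.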