[libvirt] [PATCH] virsh: avoid uninitialized memory usage

Alex Jia ajia at redhat.com
Thu Apr 19 09:01:46 UTC 2012 

On 04/19/2012 04:53 PM, Wen Congyang wrote:
> At 04/19/2012 04:40 PM, Alex Jia Wrote:
>> On 04/19/2012 04:19 PM, Wen Congyang wrote:
>>> At 04/19/2012 04:09 PM, Alex Jia Wrote:
>>>> Detected by valgrind.
>>>>
>>>> * tools/virsh.c (cmdBlockPull): fix uninitialized memory usage.
>>>>
>>>> * How to reproduce?
>>>> $ qemu-img create /var/lib/libvirt/images/test 1M
>>>> $ cat>   /tmp/test.xml<<EOF
>>>> <domain type='qemu'>
>>>>     <name>test</name>
>>>>     <memory>219200</memory>
>>>>     <vcpu>1</vcpu>
>>>>     <os>
>>>>       <type arch='x86_64'>hvm</type>
>>>>       <boot dev='hd'/>
>>>>     </os>
>>>>     <devices>
>>>>       <disk type='file' device='disk'>
>>>>         <driver name='qemu' type='raw'/>
>>>>         <source file='/var/lib/libvirt/images/test'/>
>>>>         <target dev='vda' bus='virtio'/>
>>>>       </disk>
>>>>       <input type='mouse' bus='ps2'/>
>>>>       <graphics type='spice' autoport='yes' listen='0.0.0.0'/>
>>>>     </devices>
>>>> </domain>
>>>> EOF
>>>> $ virsh define /tmp/test.xml
>>>> $ valgrind -v virsh blockpull test /var/lib/libvirt/images/test --wait
>>>>
>>>> actual result:
>>>>
>>>> ==10906== 1 errors in context 1 of 1:
>>>> ==10906== Syscall param rt_sigaction(act->sa_flags) points to
>>>> uninitialised byte(s)
>>>> ==10906==    at 0x39CF80F5BE: __libc_sigaction (sigaction.c:67)
>>>> ==10906==    by 0x43016C: cmdBlockPull (virsh.c:7638)
>>>> ==10906==    by 0x4150D4: vshCommandRun (virsh.c:18574)
>>>> ==10906==    by 0x425E73: main (virsh.c:20178)
>>>> ==10906==  Address 0x7fefffae8 is on thread 1's stack
>>>>
>>>>
>>>> Signed-off-by: Alex Jia<ajia at redhat.com>
>>>> ---
>>>>    tools/virsh.c |    1 +
>>>>    1 files changed, 1 insertions(+), 0 deletions(-)
>>>>
>>>> diff --git a/tools/virsh.c b/tools/virsh.c
>>>> index 95ed7bc..4e4ca57 100644
>>>> --- a/tools/virsh.c
>>>> +++ b/tools/virsh.c
>>>> @@ -7634,6 +7634,7 @@ cmdBlockPull(vshControl *ctl, const vshCmd *cmd)
>>>>
>>>>            intCaught = 0;
>>>>            sig_action.sa_sigaction = vshCatchInt;
>>>> +        sigemptyset((sigset_t *)&sig_action.sa_flags);
>>> Why using sigemptyset here? You should use 'sig_action.sa_flags = 0'.
>> Yeah, I think 'sig_action.sa_flags = 0' is right, but I don't know what
>> the difference are,
>> could you explain more?
> sigset_t is:
> # define _SIGSET_NWORDS (1024 / (8 * sizeof (unsigned long int)))
> typedef struct
>    {
>      unsigned long int __val[_SIGSET_NWORDS];
>    } __sigset_t;
>
> The length of sigset is larger than sizeof(int)
>
> If you use sigemptyset() to clear flags, it will affect the memory after flags.
> It is very dangerous!!!
Yeah, thanks for your explanation again.
> Thanks
> Wen Congyang
>
>> Thanks,
>> Alex
>>> Thanks
>>> Wen Congyang
>>>
>>>>            sigemptyset(&sig_action.sa_mask);
>>>>            sigaction(SIGINT,&sig_action,&old_sig_action);
>>>>
>>

More information about the libvir-list mailing list