[libvirt] [PATCH] virsh: avoid uninitialized memory usage
Alex Jia
ajia at redhat.com
Thu Apr 19 09:01:46 UTC 2012
On 04/19/2012 04:53 PM, Wen Congyang wrote:
> At 04/19/2012 04:40 PM, Alex Jia Wrote:
>> On 04/19/2012 04:19 PM, Wen Congyang wrote:
>>> At 04/19/2012 04:09 PM, Alex Jia Wrote:
>>>> Detected by valgrind.
>>>>
>>>> * tools/virsh.c (cmdBlockPull): fix uninitialized memory usage.
>>>>
>>>> * How to reproduce?
>>>> $ qemu-img create /var/lib/libvirt/images/test 1M
>>>> $ cat> /tmp/test.xml<<EOF
>>>> <domain type='qemu'>
>>>> <name>test</name>
>>>> <memory>219200</memory>
>>>> <vcpu>1</vcpu>
>>>> <os>
>>>> <type arch='x86_64'>hvm</type>
>>>> <boot dev='hd'/>
>>>> </os>
>>>> <devices>
>>>> <disk type='file' device='disk'>
>>>> <driver name='qemu' type='raw'/>
>>>> <source file='/var/lib/libvirt/images/test'/>
>>>> <target dev='vda' bus='virtio'/>
>>>> </disk>
>>>> <input type='mouse' bus='ps2'/>
>>>> <graphics type='spice' autoport='yes' listen='0.0.0.0'/>
>>>> </devices>
>>>> </domain>
>>>> EOF
>>>> $ virsh define /tmp/test.xml
>>>> $ valgrind -v virsh blockpull test /var/lib/libvirt/images/test --wait
>>>>
>>>> actual result:
>>>>
>>>> ==10906== 1 errors in context 1 of 1:
>>>> ==10906== Syscall param rt_sigaction(act->sa_flags) points to
>>>> uninitialised byte(s)
>>>> ==10906== at 0x39CF80F5BE: __libc_sigaction (sigaction.c:67)
>>>> ==10906== by 0x43016C: cmdBlockPull (virsh.c:7638)
>>>> ==10906== by 0x4150D4: vshCommandRun (virsh.c:18574)
>>>> ==10906== by 0x425E73: main (virsh.c:20178)
>>>> ==10906== Address 0x7fefffae8 is on thread 1's stack
>>>>
>>>>
>>>> Signed-off-by: Alex Jia<ajia at redhat.com>
>>>> ---
>>>> tools/virsh.c | 1 +
>>>> 1 files changed, 1 insertions(+), 0 deletions(-)
>>>>
>>>> diff --git a/tools/virsh.c b/tools/virsh.c
>>>> index 95ed7bc..4e4ca57 100644
>>>> --- a/tools/virsh.c
>>>> +++ b/tools/virsh.c
>>>> @@ -7634,6 +7634,7 @@ cmdBlockPull(vshControl *ctl, const vshCmd *cmd)
>>>>
>>>> intCaught = 0;
>>>> sig_action.sa_sigaction = vshCatchInt;
>>>> + sigemptyset((sigset_t *)&sig_action.sa_flags);
>>> Why using sigemptyset here? You should use 'sig_action.sa_flags = 0'.
>> Yeah, I think 'sig_action.sa_flags = 0' is right, but I don't know what
>> the difference are,
>> could you explain more?
> sigset_t is:
> # define _SIGSET_NWORDS (1024 / (8 * sizeof (unsigned long int)))
> typedef struct
> {
> unsigned long int __val[_SIGSET_NWORDS];
> } __sigset_t;
>
> The length of sigset is larger than sizeof(int)
>
> If you use sigemptyset() to clear flags, it will affect the memory after flags.
> It is very dangerous!!!
Yeah, thanks for your explanation again.
> Thanks
> Wen Congyang
>
>> Thanks,
>> Alex
>>> Thanks
>>> Wen Congyang
>>>
>>>> sigemptyset(&sig_action.sa_mask);
>>>> sigaction(SIGINT,&sig_action,&old_sig_action);
>>>>
>>
More information about the libvir-list
mailing list