[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [libvirt] [PATCH] virsh: avoid uninitialized memory usage



On 04/19/2012 04:53 PM, Wen Congyang wrote:
At 04/19/2012 04:40 PM, Alex Jia Wrote:
On 04/19/2012 04:19 PM, Wen Congyang wrote:
At 04/19/2012 04:09 PM, Alex Jia Wrote:
Detected by valgrind.

* tools/virsh.c (cmdBlockPull): fix uninitialized memory usage.

* How to reproduce?
$ qemu-img create /var/lib/libvirt/images/test 1M
$ cat>   /tmp/test.xml<<EOF
<domain type='qemu'>
    <name>test</name>
    <memory>219200</memory>
    <vcpu>1</vcpu>
    <os>
      <type arch='x86_64'>hvm</type>
      <boot dev='hd'/>
    </os>
    <devices>
      <disk type='file' device='disk'>
        <driver name='qemu' type='raw'/>
        <source file='/var/lib/libvirt/images/test'/>
        <target dev='vda' bus='virtio'/>
      </disk>
      <input type='mouse' bus='ps2'/>
      <graphics type='spice' autoport='yes' listen='0.0.0.0'/>
    </devices>
</domain>
EOF
$ virsh define /tmp/test.xml
$ valgrind -v virsh blockpull test /var/lib/libvirt/images/test --wait

actual result:

==10906== 1 errors in context 1 of 1:
==10906== Syscall param rt_sigaction(act->sa_flags) points to
uninitialised byte(s)
==10906==    at 0x39CF80F5BE: __libc_sigaction (sigaction.c:67)
==10906==    by 0x43016C: cmdBlockPull (virsh.c:7638)
==10906==    by 0x4150D4: vshCommandRun (virsh.c:18574)
==10906==    by 0x425E73: main (virsh.c:20178)
==10906==  Address 0x7fefffae8 is on thread 1's stack


Signed-off-by: Alex Jia<ajia redhat com>
---
   tools/virsh.c |    1 +
   1 files changed, 1 insertions(+), 0 deletions(-)

diff --git a/tools/virsh.c b/tools/virsh.c
index 95ed7bc..4e4ca57 100644
--- a/tools/virsh.c
+++ b/tools/virsh.c
@@ -7634,6 +7634,7 @@ cmdBlockPull(vshControl *ctl, const vshCmd *cmd)

           intCaught = 0;
           sig_action.sa_sigaction = vshCatchInt;
+        sigemptyset((sigset_t *)&sig_action.sa_flags);
Why using sigemptyset here? You should use 'sig_action.sa_flags = 0'.
Yeah, I think 'sig_action.sa_flags = 0' is right, but I don't know what
the difference are,
could you explain more?
sigset_t is:
# define _SIGSET_NWORDS (1024 / (8 * sizeof (unsigned long int)))
typedef struct
   {
     unsigned long int __val[_SIGSET_NWORDS];
   } __sigset_t;

The length of sigset is larger than sizeof(int)

If you use sigemptyset() to clear flags, it will affect the memory after flags.
It is very dangerous!!!
Yeah, thanks for your explanation again.
Thanks
Wen Congyang

Thanks,
Alex
Thanks
Wen Congyang

           sigemptyset(&sig_action.sa_mask);
           sigaction(SIGINT,&sig_action,&old_sig_action);




[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]