On Tue, Sep 18, 2012 at 01:29:04PM +0200, Andreas Färber wrote: > Am 18.09.2012 02:08, schrieb David Gibson: > > On Mon, Sep 17, 2012 at 01:24:51PM -0500, Anthony Liguori wrote: > >> David Gibson <da...@gibson.dropbear.id.au> writes: > >> > >>> tcp_chr_connect(), unlike for example udp_chr_update_read_handler() does > >>> not check if the fd it is using is valid (>= 0) before passing it to > >>> qemu_set_fd_handler2(). If using e.g. a TCP serial port, which is not > >>> initially connected, this can result in -1 being passed to FD_ISSET, which > >>> has undefined behaviour. On x86 it seems to harmlessly return 0, but on > >>> PowerPC, it causes a fortify buffer overflow error to be thrown. > >>> > >>> This patch fixes this by putting an extra test in tcp_chr_connect(), and > >>> also adds an assert qemu_set_fd_handler2() to catch other such errors on > >>> all platforms, rather than just some. > >>> > >>> Signed-off-by: David Gibson <da...@gibson.dropbear.id.au> > >> > >> Applied. Thanks. > > > > Excellent. > > > > Fwiw, I think this one should go into the stable branch, too. > > ...which you indicate by cc'ing qemu-stable since that is not handled by > Anthony himself.
Ah, sorry, I was not aware. Noted for the future. > Queued for stable-0.15. Thanks. -- David Gibson | I'll have my music baroque, and my code david AT gibson.dropbear.id.au | minimalist, thank you. NOT _the_ _other_ | _way_ _around_! http://www.ozlabs.org/~dgibson