On Fri, Aug 13, 2021 at 04:05:03PM +0100, Peter Maydell wrote:
> We don't currently zero-initialize the 'struct sockaddr_in' that
> parse_host_port() fills in, so any fields we don't explicitly
> initialize might be left as random garbage.  POSIX states that
> implementations may define extensions in sockaddr_in, and that those
> extensions must not trigger if zero-initialized.  So not zero
> initializing might result in inadvertently triggering an impdef
> extension.
>
> memset() the sockaddr_in before we start to fill it in.

Technically, POSIX recommends default initialization, as in:

    struct sockaddr_in sa = { 0 };

or:

    static struct sockaddr_in sa_init;
    struct sockaddr_in sa = sa_init;

because of odd platforms where default initialization compiles to
non-zero bits (think platforms where NULL and/or floating point 0.0 do
not have an all-zero-bit representation - yes, C is weird).  But in
practice, that does not plague any of the hardware qemu cares about,
so I'm just fine with memset.

>
> Fixes: Coverity CID 1005338
> Signed-off-by: Peter Maydell <peter.mayd...@linaro.org>
> ---
>  net/net.c | 2 ++
>  1 file changed, 2 insertions(+)

Reviewed-by: Eric Blake <ebl...@redhat.com>

-- 
Eric Blake, Principal Software Engineer
Red Hat, Inc.           +1-919-301-3266
Virtualization:  qemu.org | libvirt.org
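
Added example, not part of the original message and not QEMU's code: a hypothetical fill_sockaddr() helper that clears the whole sockaddr_in before setting named members, plus a check that poisons the struct first to show no stale bytes survive. The function names and the "127.0.0.1:8080" input are constructed for illustration.

```c
#include <arpa/inet.h>
#include <errno.h>
#include <netinet/in.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper (not QEMU's parse_host_port): fill *sa from an
 * "a.b.c.d:port" string. Returns 0 on success, -1 on malformed input. */
int fill_sockaddr(struct sockaddr_in *sa, const char *str)
{
    char host[INET_ADDRSTRLEN];
    const char *colon = strrchr(str, ':');
    char *end;
    long port;
    if (!colon || (size_t)(colon - str) >= sizeof(host))
        return -1;

    /* Clear every byte first, so padding and any implementation-defined
     * extension fields are zero before the named members are set. */
    memset(sa, 0, sizeof(*sa));
    memcpy(host, str, (size_t)(colon - str));
    host[colon - str] = '\0';
    if (inet_pton(AF_INET, host, &sa->sin_addr) != 1)
        return -1;
    errno = 0;
    port = strtol(colon + 1, &end, 10);
    if (errno || end == colon + 1 || *end != '\0' || port < 0 || port > 65535)
        return -1;

    sa->sin_family = AF_INET;
    sa->sin_port = htons((unsigned short)port);
    return 0;
}

/* Returns 1 if bytes left in the caller's struct did not survive the fill. */
int fill_clears_stale_bytes(void)
{
    struct sockaddr_in sa, want;
    memset(&sa, 0xA5, sizeof(sa));      /* simulate uninitialized stack data */
    if (fill_sockaddr(&sa, "127.0.0.1:8080") != 0)
        return 0;
    /* Expected result: all-zero struct with only the three members set. */
    memset(&want, 0, sizeof(want));
    want.sin_family = AF_INET;
    want.sin_port = htons(8080);
    want.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    return memcmp(&sa, &want, sizeof(sa)) == 0;
}
```

Removing the memset() call from fill_sockaddr() makes fill_clears_stale_bytes() return 0 on platforms whose sockaddr_in has bytes beyond the three named members.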