On Fri, Aug 13, 2021 at 04:05:03PM +0100, Peter Maydell wrote:
> We don't currently zero-initialize the 'struct sockaddr_in' that
> parse_host_port() fills in, so any fields we don't explicitly
> initialize might be left as random garbage.  POSIX states that
> implementations may define extensions in sockaddr_in, and that those
> extensions must not trigger if zero-initialized.  So not zero
> initializing might result in inadvertently triggering an impdef
> extension.
> 
> memset() the sockaddr_in before we start to fill it in.

Technically, POSIX recommends default initialization, as in:

struct sockaddr_in sa = { 0 };
or:
static struct sockaddr_in sa_init;
struct sockaddr_in sa = sa_init;

because of odd platforms where default initialization compiles to
non-zero bits (think platforms where NULL and/or floating point 0.0 do
not have an all-zero-bit representation - yes, C is weird).  But in
practice, that does not plague any of the hardware qemu cares about,
so I'm just fine with memset.

> 
> Fixes: Coverity CID 1005338
> Signed-off-by: Peter Maydell <peter.mayd...@linaro.org>
> ---
>  net/net.c | 2 ++
>  1 file changed, 2 insertions(+)

Reviewed-by: Eric Blake <ebl...@redhat.com>

-- 
Eric Blake, Principal Software Engineer
Red Hat, Inc.           +1-919-301-3266
Virtualization:  qemu.org | libvirt.org
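
The effect discussed in this thread, as an added example that is not part of the patch or of QEMU: a parser that sets only the fields it knows about leaves every other byte of the struct untouched unless the struct is zeroed first. The names `fill_known_fields` and `count_stale` and the 0xAA poison pattern are constructed for this sketch, and the leftover bytes assume a platform where `struct sockaddr_in` is larger than its three POSIX fields (true on Linux/glibc).

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>

#define POISON 0xAA /* constructed stand-in for leftover stack contents */

/* Hypothetical parser: sets only the three fields POSIX requires. */
static void fill_known_fields(struct sockaddr_in *sa, const char *ip,
                              unsigned short port)
{
    sa->sin_family = AF_INET;
    sa->sin_port = htons(port);
    inet_pton(AF_INET, ip, &sa->sin_addr);
}

/*
 * Poison the struct, optionally zero it as the patch does, fill it in,
 * then count the bytes that still carry the poison pattern. Those are
 * the bytes an implementation-defined extension could end up reading.
 */
static size_t count_stale(int zero_first)
{
    struct sockaddr_in sa;
    const unsigned char *p = (const unsigned char *)&sa;
    size_t i, stale = 0;

    memset(&sa, POISON, sizeof(sa));    /* deterministic "garbage" */
    if (zero_first) {
        memset(&sa, 0, sizeof(sa));     /* the fix under review */
    }
    /* 192.0.2.1:8080 is a constructed value with no 0xAA byte in it. */
    fill_known_fields(&sa, "192.0.2.1", 8080);

    for (i = 0; i < sizeof(sa); i++) {
        stale += (p[i] == POISON);
    }
    return stale;
}

int main(void)
{
    printf("stale bytes without memset: %zu\n", count_stale(0));
    printf("stale bytes with memset:    %zu\n", count_stale(1));
    return 0;
}
```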

