[Xen-devel] [PATCH] tools:misc:xenlockprof: fix possible format string overflow

2017-04-04 Thread Seraphime Kirkovski 
GCC7 complains about a possible overflow/truncation in xenlockprof.

xenlockprof.c: In function ‘main’:
xenlockprof.c:100:53: error: ‘%s’ directive writing up to 39 bytes into a
 region of size between 17 and 37 
[-Werror=format-overflow=]
 sprintf(name, "unknown type(%d) %d lock %s", data[j].type,
 ^~
xenlockprof.c:100:13: note: ‘sprintf’ output between 24 and 83 bytes
 into a destination of size 60
 sprintf(name, "unknown type(%d) %d lock %s", data[j].type,
 ^~
 data[j].idx, data[j].name);
 ~~

This increases the size of name to 100. Not the most scalable solution,
but certainly the "cheapest", as it doesn't add dependencies for
asprintf.

Signed-off-by: Seraphime Kirkovski <kirkser...@gmail.com>
---
 tools/misc/xenlockprof.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tools/misc/xenlockprof.c b/tools/misc/xenlockprof.c
index 41fcb792cc..df23c82912 100644
--- a/tools/misc/xenlockprof.c
+++ b/tools/misc/xenlockprof.c
@@ -24,7 +24,7 @@ int main(int argc, char *argv[])
 uint32_t   i, j, n;
 uint64_t   time;
 double l, b, sl, sb;
-char   name[60];
+char   name[100];
 DECLARE_HYPERCALL_BUFFER(xc_lockprof_data_t, data);
 
 if ( (argc > 2) || ((argc == 2) && (strcmp(argv[1], "-r") != 0)) )
-- 
2.11.0


___
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel

[Xen-devel] [PATCHv2] libxc: fix segfault on uninitialized xch->fmem

2017-04-04 Thread Seraphime Kirkovski 
Currently in xc_interface_open, xch->fmem is not initialized
and in some rare case the code fails before ever assigning a value
to it.

I got this in master:

   $ sudo ./xl/xl run
   xencall: error: Could not obtain handle on privileged command interface: No 
such file or directory
   Segmentation fault

This initializes the whole xch_buff to 0.

Signed-off-by: Seraphime Kirkovski <kirkser...@gmail.com>
---

 Changes from v1:
   * Initialize the entire struct xc_interface_core to 0

 tools/libxc/xc_private.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tools/libxc/xc_private.c b/tools/libxc/xc_private.c
index 72e6242417..f395594a8f 100644
--- a/tools/libxc/xc_private.c
+++ b/tools/libxc/xc_private.c
@@ -30,7 +30,7 @@ struct xc_interface_core *xc_interface_open(xentoollog_logger 
*logger,
 xentoollog_logger *dombuild_logger,
 unsigned open_flags)
 {
-struct xc_interface_core xch_buf, *xch = _buf;
+struct xc_interface_core xch_buf = { 0 }, *xch = _buf;
 
 xch->flags = open_flags;
 xch->dombuild_logger_file = 0;
-- 
2.11.0


___
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel

Re: [Xen-devel] [PATCH] libxc: fix segfault on uninitialized xch->fmem

2017-04-04 Thread Seraphime Kirkovski 
On Tue, Apr 04, 2017 at 11:15:07AM +0100, Wei Liu wrote:
> Since there are a few handles in xch, it would be better to initialise
> them all at once by doing:
> 
> struct xc_interface_core xch_buf = { 0 }
> 
> >  xch->flags = open_flags;
> >  xch->dombuild_logger_file = 0;
> >  xc_clear_last_error(xch);
> > -- 
> > 2.11.0
> > 

Hi, thanks for the reply.

Literally 10 minutes after sending this, I thought that a bzero would
be better. Will send a V2 shortly.

(Sorry about the resend, mailer problems...)

___
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel

[Xen-devel] (no subject)

2017-04-04 Thread Seraphime Kirkovski 

Bcc: 
Subject: Re: [PATCH] libxc: fix segfault on uninitialized xch->fmem
Reply-To: 
In-Reply-To: <20170404101507.lohlu5rbx4jq5...@citrix.com>

On Tue, Apr 04, 2017 at 11:15:07AM +0100, Wei Liu wrote:
> Since there are a few handles in xch, it would be better to initialise
> them all at once by doing:
> 
> struct xc_interface_core xch_buf = { 0 }
> 
> >  xch->flags = open_flags;
> >  xch->dombuild_logger_file = 0;
> >  xc_clear_last_error(xch);
> > -- 
> > 2.11.0
> > 

Hi, thanks for the reply.

Literally 10 minutes after sending this, I thought that a bzero would
be better. Will send a V2 shortly.

___
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel

[Xen-devel] [PATCH] libxc: fix segfault on uninitialized xch->fmem

2017-04-03 Thread Seraphime Kirkovski 
Currently in xc_interface_open, xch->fmem is not initialized
and in some rare case the code fails before ever assigning a value
to it.

I got this in master:

   $ sudo ./xl/xl run
   xencall: error: Could not obtain handle on privileged command interface: No 
such file or directory
   Segmentation fault

This initializes xch->fmem to NULL

Signed-off-by: Seraphime Kirkovski <kirkser...@gmail.com>
---
 tools/libxc/xc_private.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/tools/libxc/xc_private.c b/tools/libxc/xc_private.c
index 72e6242417..4ed46fde5f 100644
--- a/tools/libxc/xc_private.c
+++ b/tools/libxc/xc_private.c
@@ -32,6 +32,7 @@ struct xc_interface_core *xc_interface_open(xentoollog_logger 
*logger,
 {
 struct xc_interface_core xch_buf, *xch = _buf;
 
+xch->fmem = NULL;
 xch->flags = open_flags;
 xch->dombuild_logger_file = 0;
 xc_clear_last_error(xch);
-- 
2.11.0


___
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel