[Xen-devel] [PATCH] tools:misc:xenlockprof: fix possible format string overflow
GCC7 complains about a possible overflow/truncation in xenlockprof. xenlockprof.c: In function ‘main’: xenlockprof.c:100:53: error: ‘%s’ directive writing up to 39 bytes into a region of size between 17 and 37 [-Werror=format-overflow=] sprintf(name, "unknown type(%d) %d lock %s", data[j].type, ^~ xenlockprof.c:100:13: note: ‘sprintf’ output between 24 and 83 bytes into a destination of size 60 sprintf(name, "unknown type(%d) %d lock %s", data[j].type, ^~ data[j].idx, data[j].name); ~~ This increases the size of name to 100. Not the most scalable solution, but certainly the "cheapest", as it doesn't add dependencies for asprintf. Signed-off-by: Seraphime Kirkovski <kirkser...@gmail.com> --- tools/misc/xenlockprof.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/misc/xenlockprof.c b/tools/misc/xenlockprof.c index 41fcb792cc..df23c82912 100644 --- a/tools/misc/xenlockprof.c +++ b/tools/misc/xenlockprof.c @@ -24,7 +24,7 @@ int main(int argc, char *argv[]) uint32_t i, j, n; uint64_t time; double l, b, sl, sb; -char name[60]; +char name[100]; DECLARE_HYPERCALL_BUFFER(xc_lockprof_data_t, data); if ( (argc > 2) || ((argc == 2) && (strcmp(argv[1], "-r") != 0)) ) -- 2.11.0 ___ Xen-devel mailing list Xen-devel@lists.xen.org https://lists.xen.org/xen-devel
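Review bot: enlarging the declaration to `char name[100]` leaves the `sprintf` at xenlockprof.c:100 unbounded, so the fix holds only while the longest `data[j].name` stays at the 39 bytes GCC assumed. The diagnostic puts the worst case at 83 bytes, so 100 is enough today, but the call should also become `snprintf(name, sizeof(name), ...)`, which needs no new dependency. A later change to the name field would then truncate the label instead of overrunning the stack buffer.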
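The 24-to-83-byte range in the GCC diagnostic quoted in the message above can be reproduced, and the write bounded, with the following added example; it is not part of the patch or of xenlockprof. The helper names are hypothetical, and the 39-byte name limit and 32-bit `int` are assumptions taken from the diagnostic.

```c
#include <limits.h>
#include <stdio.h>
#include <string.h>

#define LOCK_FMT      "unknown type(%d) %d lock %s"
#define LOCK_NAME_MAX 39   /* assumption: longest %s argument, from the diagnostic */

/* Bytes an unbounded sprintf() would write, terminating NUL included. */
static size_t lock_label_need(int type, int idx, const char *lock)
{
    int n = snprintf(NULL, 0, LOCK_FMT, type, idx, lock);
    return n < 0 ? 0 : (size_t)n + 1;
}

/* Bounded write: returns 1 if the whole label fit in dst, 0 if it was cut. */
static int lock_label(char *dst, size_t cap, int type, int idx, const char *lock)
{
    int n = snprintf(dst, cap, LOCK_FMT, type, idx, lock);
    return n >= 0 && (size_t)n < cap;
}

/* Fill a constructed longest-case name: LOCK_NAME_MAX characters plus NUL. */
static void longest_name(char out[LOCK_NAME_MAX + 1])
{
    memset(out, 'x', LOCK_NAME_MAX);
    out[LOCK_NAME_MAX] = '\0';
}

/* Worst case: both %d print INT_MIN (11 characters with a 32-bit int). */
static size_t lock_label_worst(void)
{
    char lock[LOCK_NAME_MAX + 1];
    longest_name(lock);
    return lock_label_need(INT_MIN, INT_MIN, lock);
}

/* Does the worst-case label fit a buffer of cap bytes (cap <= 128)? */
static int worst_case_fits(size_t cap)
{
    char dst[128], lock[LOCK_NAME_MAX + 1];
    longest_name(lock);
    return cap <= sizeof(dst) && lock_label(dst, cap, INT_MIN, INT_MIN, lock);
}

int main(void)
{
    printf("need: min %zu, max %zu bytes\n", lock_label_need(0, 0, ""), lock_label_worst());
    printf("fits 60: %d, fits 100: %d\n", worst_case_fits(60), worst_case_fits(100));
    return 0;
}
```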
[Xen-devel] [PATCHv2] libxc: fix segfault on uninitialized xch->fmem
Currently in xc_interface_open, xch->fmem is not initialized and in some rare case the code fails before ever assigning a value to it. I got this in master: $ sudo ./xl/xl run xencall: error: Could not obtain handle on privileged command interface: No such file or directory Segmentation fault This initializes the whole xch_buff to 0. Signed-off-by: Seraphime Kirkovski <kirkser...@gmail.com> --- Changes from v1: * Initialize the entire struct xc_interface_core to 0 tools/libxc/xc_private.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/libxc/xc_private.c b/tools/libxc/xc_private.c index 72e6242417..f395594a8f 100644 --- a/tools/libxc/xc_private.c +++ b/tools/libxc/xc_private.c @@ -30,7 +30,7 @@ struct xc_interface_core *xc_interface_open(xentoollog_logger *logger, xentoollog_logger *dombuild_logger, unsigned open_flags) { -struct xc_interface_core xch_buf, *xch = _buf; +struct xc_interface_core xch_buf = { 0 }, *xch = _buf; xch->flags = open_flags; xch->dombuild_logger_file = 0; -- 2.11.0 ___ Xen-devel mailing list Xen-devel@lists.xen.org https://lists.xen.org/xen-devel
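Review bot: with `xch_buf = { 0 }` in the declaration, the context line `xch->dombuild_logger_file = 0;` just below it is now a redundant store; drop it in the same patch, or say in the message that the explicit assignments are kept on purpose. The message also writes `xch_buff` where the variable is `xch_buf`, and it would help to name the failure path that reads `fmem` before it is assigned, so the reason for zeroing the struct stays on record.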
Re: [Xen-devel] [PATCH] libxc: fix segfault on uninitialized xch->fmem
On Tue, Apr 04, 2017 at 11:15:07AM +0100, Wei Liu wrote:
> Since there are a few handles in xch, it would be better to initialise
> them all at once by doing:
>
> struct xc_interface_core xch_buf = { 0 }
>
> > xch->flags = open_flags;
> > xch->dombuild_logger_file = 0;
> > xc_clear_last_error(xch);
> > --
> > 2.11.0
> >

Hi, thanks for the reply.

Literally 10 minutes after sending this, I thought that a bzero would be better.
Will send a V2 shortly.

(Sorry about the resend, mailer problems...)
[Xen-devel] [PATCH] libxc: fix segfault on uninitialized xch->fmem
Currently in xc_interface_open, xch->fmem is not initialized and in some rare case the code fails before ever assigning a value to it. I got this in master: $ sudo ./xl/xl run xencall: error: Could not obtain handle on privileged command interface: No such file or directory Segmentation fault This initializes xch->fmem to NULL Signed-off-by: Seraphime Kirkovski <kirkser...@gmail.com> --- tools/libxc/xc_private.c | 1 + 1 file changed, 1 insertion(+) diff --git a/tools/libxc/xc_private.c b/tools/libxc/xc_private.c index 72e6242417..4ed46fde5f 100644 --- a/tools/libxc/xc_private.c +++ b/tools/libxc/xc_private.c @@ -32,6 +32,7 @@ struct xc_interface_core *xc_interface_open(xentoollog_logger *logger, { struct xc_interface_core xch_buf, *xch = _buf; +xch->fmem = NULL; xch->flags = open_flags; xch->dombuild_logger_file = 0; xc_clear_last_error(xch); -- 2.11.0 ___ Xen-devel mailing list Xen-devel@lists.xen.org https://lists.xen.org/xen-devel
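Review bot: `xch->fmem = NULL;` covers a single member, while the context line above it still declares `xch_buf` with no initializer, so every other member read on the same early-failure path remains indeterminate. Zero-initialise the struct at its declaration instead (`struct xc_interface_core xch_buf = { 0 }`), which makes this per-field assignment unnecessary and protects fields added later.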