Message ID | 1535739372-24454-1-git-send-email-Liam.Merwick@oracle.com (mailing list archive) |
---|---|
Series | off-by-one and NULL pointer accesses detected by static analysis |

I'm afraid this fell through the cracks, most likely because you neglected to cc: maintainers. I'm doing that for you now. Next time, feed your patches to scripts/get_maintainer.pl for suggestions on whom to copy. Thanks!

Liam Merwick <Liam.Merwick@oracle.com> writes:

> Below are a number of fixes to some off-by-one, read outside array bounds, and
> NULL pointer accesses detected by an internal Oracle static analysis tool (Parfait).
> https://labs.oracle.com/pls/apex/f?p=labs:49:::::P49_PROJECT_ID:13
>
> I have also included a patch to add a command-line option to configure to
> select if AVX2 is used or not (keeping the existing behaviour by default).
> My motivation was avoiding an issue with the static analysis tool but NetSpectre
> was announced as I was working on this and I felt it may have more general uses.
>
> v1 -> v2
> Based on feedback from Eric Blake:
> patch2: reworded commit message to clarify issue
> patch6: Reverted common qlist routines and added assert to qlist_dump instead
> patch7: Fixed incorrect logic
> patch8: Added QEMU_BUILD_BUG_ON to catch future instance at compile-time
>
> v2 -> v3
> Based on feedback from Eric Blake:
> patch6: removed double space from commit message
> patch8: removed unnecessary comment and updated QEMU_BUILD_BUG_ON to use ARRAY_SIZE
> Added Eric's R-b to patches 6,7,8
>
> Liam Merwick (8):
>   configure: Provide option to explicitly disable AVX2
>   job: Fix off-by-one assert checks for JobSTT and JobVerbTable
>   block: Null pointer dereference in blk_root_get_parent_desc()
>   qemu-img: potential Null pointer deref in img_commit()
>   block: Fix potential Null pointer dereferences in vvfat.c
>   block: dump_qlist() may dereference a Null pointer
>   io: potential unnecessary check in qio_channel_command_new_spawn()
>   qcow2: Read outside array bounds in qcow2_pre_write_overlap_check()
>
>  block/block-backend.c  |  2 +-
>  block/qapi.c           |  2 ++
>  block/qcow2-refcount.c | 18 ++++++++--------
>  block/vvfat.c          | 56 ++++++++++++++++++++++++++++++++++++++++++++++++++
>  configure              | 11 ++++++++--
>  io/channel-command.c   |  3 +--
>  job.c                  |  4 ++--
>  qemu-img.c             |  3 +++
>  8 files changed, 84 insertions(+), 15 deletions(-)