Message ID | 20190721085854.12026-1-chen.zhang@intel.com (mailing list archive) |
---|---|
State | New, archived |
Series | [V4] net/colo-compare.c: Fix memory leak and code style issue. | expand |
On Sun, 21 Jul 2019 at 10:04, Zhang Chen <chen.zhang@intel.com> wrote: > > From: Zhang Chen <chen.zhang@intel.com> > > This patch to fix the origin "char *data" memory leak, code style issue > and add necessary check here. > Reported-by: Coverity (CID 1402785) > > Signed-off-by: Zhang Chen <chen.zhang@intel.com> > @@ -1008,21 +1019,24 @@ static void compare_notify_rs_finalize(SocketReadState *notify_rs) > { > CompareState *s = container_of(notify_rs, CompareState, notify_rs); > > - /* Get Xen colo-frame's notify and handle the message */ > - char *data = g_memdup(notify_rs->buf, notify_rs->packet_len); > - char msg[] = "COLO_COMPARE_GET_XEN_INIT"; > + const char msg[] = "COLO_COMPARE_GET_XEN_INIT"; > int ret; > > - if (!strcmp(data, "COLO_USERSPACE_PROXY_INIT")) { > + if (packet_matches_str("COLO_USERSPACE_PROXY_INIT", > + notify_rs->buf, > + notify_rs->packet_len)) { > ret = compare_chr_send(s, (uint8_t *)msg, strlen(msg), 0, true); > if (ret < 0) { > error_report("Notify Xen COLO-frame INIT failed"); > } > - } > - > - if (!strcmp(data, "COLO_CHECKPOINT")) { > + } else if (packet_matches_str("COLO_CHECKPOINT", > + notify_rs->buf, > + notify_rs->packet_len)) { > /* colo-compare do checkpoint, flush pri packet and remove sec packet */ > g_queue_foreach(&s->conn_list, colo_flush_packets, s); > + } else { > + error_report("COLO compare got unsupported instruction '%s'", > + (char *)notify_rs->buf); > } The notify_rs->buf is not NUL-terminated, so you can't use it in a %s format string like this. The simplest fix is just to not try to print the contents of the incoming packet at all. The rest of the patch looks good. thanks -- PMM
> -----Original Message----- > From: Peter Maydell [mailto:peter.maydell@linaro.org] > Sent: Monday, July 22, 2019 9:19 PM > To: Zhang, Chen <chen.zhang@intel.com> > Cc: Li Zhijian <lizhijian@cn.fujitsu.com>; Jason Wang <jasowang@redhat.com>; > qemu-dev <qemu-devel@nongnu.org>; Zhang Chen <zhangckid@gmail.com> > Subject: Re: [PATCH V4] net/colo-compare.c: Fix memory leak and code style > issue. > > On Sun, 21 Jul 2019 at 10:04, Zhang Chen <chen.zhang@intel.com> wrote: > > > > From: Zhang Chen <chen.zhang@intel.com> > > > > This patch to fix the origin "char *data" memory leak, code style > > issue and add necessary check here. > > Reported-by: Coverity (CID 1402785) > > > > Signed-off-by: Zhang Chen <chen.zhang@intel.com> 
> > > @@ -1008,21 +1019,24 @@ static void > > compare_notify_rs_finalize(SocketReadState *notify_rs) { > > CompareState *s = container_of(notify_rs, CompareState, > > notify_rs); > > > > - /* Get Xen colo-frame's notify and handle the message */ > > - char *data = g_memdup(notify_rs->buf, notify_rs->packet_len); > > - char msg[] = "COLO_COMPARE_GET_XEN_INIT"; > > + const char msg[] = "COLO_COMPARE_GET_XEN_INIT"; > > int ret; > > > > - if (!strcmp(data, "COLO_USERSPACE_PROXY_INIT")) { > > + if (packet_matches_str("COLO_USERSPACE_PROXY_INIT", > > + notify_rs->buf, > > + notify_rs->packet_len)) { > > ret = compare_chr_send(s, (uint8_t *)msg, strlen(msg), 0, true); > > if (ret < 0) { > > error_report("Notify Xen COLO-frame INIT failed"); > > } > > - } > > - > > - if (!strcmp(data, "COLO_CHECKPOINT")) { > > + } else if (packet_matches_str("COLO_CHECKPOINT", > > + notify_rs->buf, > > + notify_rs->packet_len)) { > > /* colo-compare do checkpoint, flush pri packet and remove sec packet > */ > > g_queue_foreach(&s->conn_list, colo_flush_packets, s); > > + } else { > > + error_report("COLO compare got unsupported instruction '%s'", > > + (char *)notify_rs->buf); > > } > > The notify_rs->buf is not NUL-terminated, so you can't use it in a %s format > string like this. The simplest fix is just to not try to print the contents of the > incoming packet at all. > > The rest of the patch looks good. Thanks for reminding. I will remove it in next version. Thanks Zhang Chen > > thanks > -- PMM
diff --git a/net/colo-compare.c b/net/colo-compare.c
index 909dd6c6eb..23c0d906ab 100644
--- a/net/colo-compare.c
+++ b/net/colo-compare.c
@@ -127,6 +127,17 @@ static int compare_chr_send(CompareState *s,
 uint32_t vnet_hdr_len,
 bool notify_remote_frame);
 
+static bool packet_matches_str(const char *str,
+ const uint8_t *buf,
+ uint32_t packet_len)
+{
+ if (packet_len != strlen(str)) {
+ return false;
+ }
+
+ return !memcmp(str, buf, strlen(str));
+}
+
 static void notify_remote_frame(CompareState *s)
 {
 char msg[] = "DO_CHECKPOINT";
@@ -1008,21 +1019,24 @@ static void compare_notify_rs_finalize(SocketReadState *notify_rs)
 {
 CompareState *s = container_of(notify_rs, CompareState, notify_rs);
 
- /* Get Xen colo-frame's notify and handle the message */
- char *data = g_memdup(notify_rs->buf, notify_rs->packet_len);
- char msg[] = "COLO_COMPARE_GET_XEN_INIT";
+ const char msg[] = "COLO_COMPARE_GET_XEN_INIT";
 int ret;
 
- if (!strcmp(data, "COLO_USERSPACE_PROXY_INIT")) {
+ if (packet_matches_str("COLO_USERSPACE_PROXY_INIT",
+ notify_rs->buf,
+ notify_rs->packet_len)) {
 ret = compare_chr_send(s, (uint8_t *)msg, strlen(msg), 0, true);
 if (ret < 0) {
 error_report("Notify Xen COLO-frame INIT failed");
 }
- }
-
- if (!strcmp(data, "COLO_CHECKPOINT")) {
+ } else if (packet_matches_str("COLO_CHECKPOINT",
+ notify_rs->buf,
+ notify_rs->packet_len)) {
 /* colo-compare do checkpoint, flush pri packet and remove sec packet */
 g_queue_foreach(&s->conn_list, colo_flush_packets, s);
+ } else {
+ error_report("COLO compare got unsupported instruction '%s'",
+ (char *)notify_rs->buf);
 }
 }
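Review bot: packet_matches_str has no comment explaining why the length is compared before memcmp, and that ordering is the invariant the fix depends on: buf is a length-delimited packet with no terminating NUL, so the exact-length check is what keeps memcmp within packet_len bytes. I would add above the function `/* buf is a length-delimited packet, not a C string; match only on exact length so memcmp never reads beyond packet_len. */`. As a smaller style point, strlen(str) is evaluated twice; once the lengths are known to be equal, `return !memcmp(str, buf, packet_len);` expresses the same comparison.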
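Review bot: The cast `(uint8_t *)msg` in the compare_chr_send call of compare_notify_rs_finalize now discards the const qualifier that this hunk adds to msg. The buffer parameter of compare_chr_send is not visible in this diff; if it is declared `const uint8_t *`, the cast should read `(const uint8_t *)msg`, and if it is not, making msg const only hides the mismatch behind the cast. The hunk also drops the comment `/* Get Xen colo-frame's notify and handle the message */` without a replacement, so a short comment ahead of the if/else chain naming the accepted messages would be worth keeping.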