
[Xen-devel] Wrong use of sizeof() in libxl_pvusb.c



Coverity complains, rightly, as follows:

> *** CID 1358110:  Incorrect expression  (SIZEOF_MISMATCH)
> /tools/libxl/libxl_pvusb.c: 1068 in bind_usbintf()
> 1062         if (fd < 0) {
> 1063             LOGE(ERROR, "open file failed: '%s'", path);
> 1064             rc = ERROR_FAIL;
> 1065             goto out;
> 1066         }
> 1067     
> >>>     CID 1358110:  Incorrect expression  (SIZEOF_MISMATCH)
> >>>     Passing argument "intf" of type "char const *" and argument "8L /* sizeof (intf) */" to function "libxl_write_exactly" is suspicious.
> 1068         if (libxl_write_exactly(CTX, fd, intf, sizeof(intf), path, intf)) {

There is another occurrence in unbind_usbintf (CID 1358109).

AFAICT the right thing is probably to replace sizeof by strlen, but I
am not 100% sure.

Note that on i386 and armhf, sizeof(intf) will always be 4, and on
amd64 and arm64, always 8.  So this will write() garbage data into
sysfs.  Presumably the kernel doesn't notice because the garbage is
generally (a) in valid address space for the process and (b) starts
with the nul byte at the end of the string.

Chunyan: please provide a patch (or procure that someone else does
so).

Please mention, in your commit message,

CID: 1358110
CID: 1358109

Thanks,
Ian.
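
The mismatch described in the mail above, as a stand-alone added example (not code from libxl or from this message): a pipe stands in for the sysfs file so the bytes that reach the reader can be inspected. The helpers `len_sizeof`, `len_strlen` and `capture_write` are hypothetical, and the interface names are constructed sample values.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Pattern from the report: sizeof applied to a pointer parameter. */
static size_t len_sizeof(const char *intf) { return sizeof(intf); }

/* Replacement suggested in the mail: the length of the string itself. */
static size_t len_strlen(const char *intf) { return strlen(intf); }

/*
 * Write len bytes of name into a pipe (standing in for the sysfs file) and
 * copy what the reader receives into out. Returns bytes received, or -1.
 * The name is copied into a zero-filled buffer first, so an oversized len
 * stays in bounds in this demonstration.
 */
static ssize_t capture_write(const char *name, size_t len,
                             char *out, size_t outsz)
{
    char padded[64] = {0};
    int p[2];
    ssize_t got;

    if (strlen(name) >= sizeof(padded) || len > sizeof(padded) || pipe(p) < 0)
        return -1;
    strcpy(padded, name);
    if (write(p[1], padded, len) != (ssize_t)len) {
        close(p[0]);
        close(p[1]);
        return -1;
    }
    close(p[1]);
    got = read(p[0], out, outsz);
    close(p[0]);
    return got;
}

int main(void)
{
    /* Constructed names: one shorter and one longer than a 64-bit pointer. */
    const char *names[] = { "1-1:1.0", "3-10.4:1.0" };
    char out[64];

    for (size_t i = 0; i < sizeof(names) / sizeof(names[0]); i++) {
        ssize_t bad = capture_write(names[i], len_sizeof(names[i]), out, sizeof(out));
        ssize_t ok = capture_write(names[i], len_strlen(names[i]), out, sizeof(out));
        printf("%-12s sizeof wrote %zd bytes, strlen wrote %zd\n", names[i], bad, ok);
    }
    return 0;
}
```

With the `sizeof` length the reader gets a fixed pointer-sized count regardless of the name, so short names arrive with trailing bytes and long names arrive truncated.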
