[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-devel] Wrong use of sizeof() in libxl_pvusb.c

Coverity complains, rightly, as follows:

> *** CID 1358110:  Incorrect expression  (SIZEOF_MISMATCH)
> /tools/libxl/libxl_pvusb.c: 1068 in bind_usbintf()
> 1062         if (fd < 0) {
> 1063             LOGE(ERROR, "open file failed: '%s'", path);
> 1064             rc = ERROR_FAIL;
> 1065             goto out;
> 1066         }
> 1067     
> >>>     CID 1358110:  Incorrect expression  (SIZEOF_MISMATCH)
> >>>     Passing argument "intf" of type "char const *" and argument "8L /* 
> >>> sizeof (intf) */" to function "libxl_write_exactly" is suspicious.
> 1068         if (libxl_write_exactly(CTX, fd, intf, sizeof(intf), path, 
> intf)) {

There is another occurrence in unbind_usbintf (CID 1358109).

AFAICT the right thing is probably to replace sizeof by strlen, but I
am not 100% sure.

Note that on i386 and armhf, sizeof(intf) will always be 4, and on
amd64 and arm64, always 8.  So this will write() garbage data into
sysfs.  Presumably the kernel doesn't notice because the garbage is
generally (a) in valid address space for the process and (b) starts
with the nul byte at the end of the string.

Chunyan: please provide a patch (or procure that someone else does

Please mention, in your commit message,

CID: 1358110
CID: 1358109


Xen-devel mailing list



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.