[libvirt] [PATCH] qemu: Fixing uninitialised variable inside virQEMUDriverConfigLoadFile.

Julio Faracco posted 1 patch 19 weeks ago
Patches applied successfully (tree, apply log)
git fetch https://github.com/patchew-project/libvirt tags/patchew/20180608201155.30235-1-jcfaracco@gmail.com
Test syntax-check passed
src/qemu/qemu_conf.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

[libvirt] [PATCH] qemu: Fixing uninitialised variable inside virQEMUDriverConfigLoadFile.

Posted by Julio Faracco 19 weeks ago
Since virConfGetValueBool() can return earlier, the parameter 'value'
might not be initialised properly inside this method. Another proof:
Valgrind is returning this error during the libvirtd daemon startup:

==16199== Conditional jump or move depends on uninitialised value(s)
==16199==    at 0x27FFFEF4: virQEMUDriverConfigLoadFile (qemu_conf.c:809)
==16199==    by 0x2807665C: qemuStateInitialize (qemu_driver.c:654)
==16199==    by 0x5535428: virStateInitialize (libvirt.c:662)
==16199==    by 0x12AED8: daemonRunStateInit (remote_daemon.c:802)
==16199==    by 0x536DE18: virThreadHelper (virthread.c:206)
==16199==    by 0x6CB36DA: start_thread (pthread_create.c:463)
==16199==    by 0x6FEC88E: clone (clone.S:95)

Signed-off-by: Julio Faracco <jcfaracco@gmail.com>
---
 src/qemu/qemu_conf.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/qemu/qemu_conf.c b/src/qemu/qemu_conf.c
index f079ae3221..95f81703fd 100644
--- a/src/qemu/qemu_conf.c
+++ b/src/qemu/qemu_conf.c
@@ -511,7 +511,7 @@ int virQEMUDriverConfigLoadFile(virQEMUDriverConfigPtr cfg,
     char **nvram = NULL;
     char *corestr = NULL;
     char **namespaces = NULL;
-    bool tmp;
+    bool tmp = false;
 
     /* Just check the file is readable before opening it, otherwise
      * libvirt emits an error.
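Review bot: initialising `tmp` to false silences the uninitialised read Valgrind reports at qemu_conf.c:809, but it does not let the caller distinguish "key absent" from "key explicitly set to false", because virConfGetValueBool() returns 0 without touching `tmp` when the key is missing (as the follow-up reply points out). If the check at line 809 only needs to fire when the user actually set the option, gate it on the return value, e.g. `if ((rc = virConfGetValueBool(conf, ..., &tmp)) < 0) goto cleanup;` followed by `if (rc == 1 && tmp) ...`, and keep the initialisation as a second line of defence. As a style point, the libvirt subject convention is imperative ("qemu: Fix uninitialised variable in virQEMUDriverConfigLoadFile") rather than "Fixing".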
-- 
2.17.1

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list

Re: [libvirt] [PATCH] qemu: Fixing uninitialised variable inside virQEMUDriverConfigLoadFile.

Posted by Peter Krempa 18 weeks ago
On Fri, Jun 08, 2018 at 17:11:55 -0300, Julio Faracco wrote:
> Since virConfGetValueBool() can return earlier, the parameter 'value'
> might not be initialised properly inside this method. Another proof:

Yeah, the problem is that if the value is not found, virConfGetValueBool
returns 0 which I did not notice.

I think a better fix will be to execute the condition checking 'tmp' only
when virConfGetValueBool returns 1 as we care only if the user set the
unsupported configuration.
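The reply above describes a three-way return contract (error, key absent, key present) and argues that the caller should consult the out-parameter only when the lookup returned 1. The following is an added, self-contained C example that is not part of libvirt or of this patch: `conf_get_value_bool()` and `sample_conf` are hypothetical stand-ins modelled on that contract, and `option_explicitly_enabled()` shows the caller pattern Peter suggests, with the patch's `tmp = false` kept as a second line of defence.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for a parsed config file (not libvirt's virConf):
 * a NULL-terminated list of boolean keys. */
typedef struct {
    const char *key;
    bool value;
} conf_entry;

static const conf_entry sample_conf[] = {
    { "option_set_true",  true  },
    { "option_set_false", false },
    { NULL, false }
};

/* Hypothetical lookup modelled on the contract the thread describes for
 * virConfGetValueBool():
 *   -1  error (here: a NULL argument), *out untouched
 *    0  key absent: early return, *out untouched
 *    1  key present, *out written
 * The early return on 0 is exactly why a caller must not read *out
 * without checking the return code (or initialising it first). */
static int conf_get_value_bool(const conf_entry *conf, const char *key, bool *out)
{
    if (!conf || !key || !out)
        return -1;
    for (; conf->key; conf++) {
        if (strcmp(conf->key, key) == 0) {
            *out = conf->value;
            return 1;
        }
    }
    return 0;
}

/* The caller pattern suggested in the reply: act on 'tmp' only when the key
 * was actually present (rc == 1). Returns 1 if the user explicitly set the
 * option to true, 0 if it is absent or set to false, -1 on lookup error. */
static int option_explicitly_enabled(const conf_entry *conf, const char *key)
{
    /* The patch's initialisation: harmless, and it keeps Valgrind quiet even
     * if someone later reads 'tmp' without checking 'rc'. */
    bool tmp = false;
    int rc = conf_get_value_bool(conf, key, &tmp);

    if (rc < 0)
        return -1;
    /* Only the rc == 1 path carries information about what the user wrote. */
    return (rc == 1 && tmp) ? 1 : 0;
}

int main(void)
{
    const char *keys[] = { "option_set_true", "option_set_false", "option_missing" };
    for (size_t i = 0; i < sizeof keys / sizeof keys[0]; i++)
        printf("%-16s enabled=%d\n", keys[i],
               option_explicitly_enabled(sample_conf, keys[i]));
    return 0;
}
```

For this particular check the initialisation alone would give the same answer, which is why the patch works; the return-code guard matters as soon as a caller needs to tell "absent" from "present but false", or when the out-parameter is a pointer or string that has no safe default value.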