On 05/16/2018 03:03 PM, Eric Auger wrote:
> Coverity complains about use of uninitialized Evt struct.
> The EVT_SET_TYPE and similar setters use deposit32() on fields
> in the struct, so they read the uninitialized existing values.
> In cases where we don't set all the fields in the event struct
> we'll end up leaking random uninitialized data from QEMU's
> stack into the guest.
>
> Initializing the struct with "Evt evt = {};" ought to satisfy
> Coverity and fix the data leak.
>
> Signed-off-by: Eric Auger <eric.auger@redhat.com>
> Reported-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
> ---
> hw/arm/smmuv3.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/hw/arm/smmuv3.c b/hw/arm/smmuv3.c
> index b3026de..42dc521 100644
> --- a/hw/arm/smmuv3.c
> +++ b/hw/arm/smmuv3.c
> @@ -143,7 +143,7 @@ static MemTxResult smmuv3_write_eventq(SMMUv3State *s, Evt *evt)
>
> void smmuv3_record_event(SMMUv3State *s, SMMUEventInfo *info)
> {
> - Evt evt;
> + Evt evt = {};
> MemTxResult r;
>
> if (!smmuv3_eventq_enabled(s)) {
>
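Review bot: The `Evt evt = {};` declaration in smmuv3_record_event() has no comment saying that the zero-initialization is load-bearing. Per the commit message, EVT_SET_TYPE and the similar setters go through deposit32(), which reads the existing field contents, so any part of the struct that is not explicitly set reaches the guest unchanged. A one-line comment above the declaration (for example "zero-init required: setters read-modify-write, unset fields are guest-visible") would keep a later cleanup from dropping the initializer. Separately, the empty initializer `{}` is a GNU extension before C23; `{ 0 }` is the strictly portable spelling if that matters for this file.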