Re: [Qemu-devel] [PATCH 1/2] qemu-char: BUGFIX, don't call FD_ISSET with negative fd
From: David Gibson
Subject: Re: [Qemu-devel] [PATCH 1/2] qemu-char: BUGFIX, don't call FD_ISSET with negative fd
Date: Wed, 19 Sep 2012 10:30:36 +1000
User-agent: Mutt/1.5.21 (2010-09-15)
On Tue, Sep 18, 2012 at 01:29:04PM +0200, Andreas Färber wrote:
> On 18.09.2012 02:08, David Gibson wrote:
> > On Mon, Sep 17, 2012 at 01:24:51PM -0500, Anthony Liguori wrote:
> >> David Gibson <address@hidden> writes:
> >>
> >>> tcp_chr_connect(), unlike for example udp_chr_update_read_handler() does
> >>> not check if the fd it is using is valid (>= 0) before passing it to
> >>> qemu_set_fd_handler2(). If using e.g. a TCP serial port, which is not
> >>> initially connected, this can result in -1 being passed to FD_ISSET, which
> >>> has undefined behaviour. On x86 it seems to harmlessly return 0, but on
> >>> PowerPC, it causes a fortify buffer overflow error to be thrown.
> >>>
> >>> This patch fixes this by putting an extra test in tcp_chr_connect(), and
> >>> also adds an assert qemu_set_fd_handler2() to catch other such errors on
> >>> all platforms, rather than just some.
> >>>
> >>> Signed-off-by: David Gibson <address@hidden>
> >>
> >> Applied. Thanks.
> >
> > Excellent.
> >
> > Fwiw, I think this one should go into the stable branch, too.
>
> ...which you indicate by cc'ing qemu-stable since that is not handled by
> Anthony himself.
Ah, sorry, I was not aware. Noted for the future.
> Queued for stable-0.15.
Thanks.
--
David Gibson | I'll have my music baroque, and my code
david AT gibson.dropbear.id.au | minimalist, thank you. NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson
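The check the quoted patch describes, as an added C sketch that is not QEMU's code: the handler table, set_fd_handler_checked, tcp_chr_connect_fixed and build_read_set are assumed stand-ins for qemu_set_fd_handler2() and tcp_chr_connect(). It registers only fds in [0, FD_SETSIZE), so a not-yet-connected TCP chardev carrying fd == -1 never reaches FD_SET/FD_ISSET, and it returns an error where the real patch asserts.

```c
#include <sys/select.h>

/* Hypothetical stand-ins for QEMU's fd handler table (assumed, not QEMU code). */
typedef void (*fd_handler)(void *opaque);
struct fd_handler_entry { int fd; fd_handler read_handler; void *opaque; };
static struct fd_handler_entry handlers[FD_SETSIZE];
static int nhandlers;

int handler_count(void) { return nhandlers; }

/* Like the assert the patch adds to qemu_set_fd_handler2(): refuse any fd that
 * FD_SET/FD_ISSET cannot take. A negative fd is undefined behaviour (the
 * PowerPC fortify abort in the report); fd >= FD_SETSIZE overruns the bitmap. */
int set_fd_handler_checked(int fd, fd_handler rh, void *opaque)
{
    if (fd < 0 || fd >= FD_SETSIZE) {
        return -1;   /* caller bug; QEMU's version assert()s here instead */
    }
    handlers[nhandlers].fd = fd;
    handlers[nhandlers].read_handler = rh;
    handlers[nhandlers].opaque = opaque;
    nhandlers++;
    return 0;
}

/* Model of the fixed tcp_chr_connect(): a TCP chardev that is not connected yet
 * carries fd == -1. The old code registered it anyway; the fix checks first. */
int tcp_chr_connect_fixed(int fd, fd_handler rh, void *opaque)
{
    if (fd < 0) {
        return 0;    /* nothing to poll yet; this is not an error */
    }
    return set_fd_handler_checked(fd, rh, opaque);
}

/* Build the read set for select(). Only registered, hence validated, fds reach
 * FD_SET, so the undefined FD_ISSET(-1, ...) of the report can no longer occur. */
int build_read_set(fd_set *rfds)
{
    int maxfd = -1;
    FD_ZERO(rfds);
    for (int i = 0; i < nhandlers; i++) {
        FD_SET(handlers[i].fd, rfds);
        if (handlers[i].fd > maxfd) {
            maxfd = handlers[i].fd;
        }
    }
    return maxfd;
}
```

The upper bound on FD_SETSIZE goes one step beyond the patch, which only tests for a negative fd; glibc's fortified FD_SET/FD_ISSET reject out-of-range descriptors on the same path.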