On 4 May 2018 at 18:15, Peter Maydell <peter.mayd...@linaro.org> wrote:
> From: Eric Auger <eric.au...@redhat.com>
>
> Let's introduce a helper function aiming at recording an
> event in the event queue.
> +void smmuv3_record_event(SMMUv3State *s, SMMUEventInfo *info) > +{ > + Evt evt; > + MemTxResult r; > > if (!smmuv3_eventq_enabled(s)) { > return; > } > > - if (smmuv3_q_full(q)) { > + EVT_SET_TYPE(&evt, info->type); > + EVT_SET_SID(&evt, info->sid);

Hi Eric -- Coverity complains about use of uninitialized data here (CID 1391004). Evt is a struct, and there's no initializer where we declare it, so its fields are uninitialized. The EVT_SET_TYPE and similar setters use deposit32() on fields in the struct, so they read the uninitialized existing values. In cases where we don't set all the fields in the event struct we'll end up leaking random uninitialized data from QEMU's stack into the guest.

Initializing the struct with "Evt evt = {};" ought to satisfy Coverity and fix the data leak.

thanks
-- PMM
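
Review bot: "Evt evt;" at the top of smmuv3_record_event() has no initializer, and the only writes to it visible in this hunk are EVT_SET_TYPE(&evt, info->type) and EVT_SET_SID(&evt, info->sid), so every other bit of the record keeps whatever was on the stack when it is later written to the event queue. Zero the struct at its declaration, as in the "Evt evt = {};" suggested in the reply, rather than relying on each event type setting every field.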
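
The leak described in the reply above, as an added example that is not part of the original thread or of QEMU's code: a read-modify-write field setter applied to a record that was never zeroed keeps the old bytes in every bit it does not overwrite. `DemoEvt`, `demo_deposit32` and the field positions are assumptions made for the demonstration, and a `memset` fill of 0xA5 is a constructed stand-in for stale stack contents, since reading truly uninitialized memory is undefined in C.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical 8-word event record; the real Evt layout is not shown in the thread. */
typedef struct { uint32_t word[8]; } DemoEvt;

/* Read-modify-write field insert, the behaviour the reply describes for deposit32(). */
static uint32_t demo_deposit32(uint32_t value, int start, int length, uint32_t field)
{
    uint32_t mask = (~0U >> (32 - length)) << start;
    return (value & ~mask) | ((field << start) & mask);
}

/* Build a record on top of `stale`, a constructed stand-in for old stack bytes.
 * Assumed field positions: type = word[0] bits 0..7, sid = all of word[1]. */
static DemoEvt build_event(uint8_t stale, uint32_t type, uint32_t sid)
{
    DemoEvt e;
    memset(&e, stale, sizeof(e));   /* stale == 0 models "Evt evt = {};" */
    e.word[0] = demo_deposit32(e.word[0], 0, 8, type);
    e.word[1] = demo_deposit32(e.word[1], 0, 32, sid);
    return e;
}

/* Word `i` of the record as the guest would read it from the event queue. */
static uint32_t event_word(uint8_t stale, uint32_t type, uint32_t sid, int i)
{
    DemoEvt e = build_event(stale, type, sid);
    return e.word[i];
}

/* Count the words that differ from the same record built over zeroes. */
static int leaked_words(uint8_t stale, uint32_t type, uint32_t sid)
{
    int n = 0;
    for (int i = 0; i < 8; i++) {
        n += event_word(stale, type, sid, i) != event_word(0, type, sid, i);
    }
    return n;
}

int main(void)
{
    printf("word[0] over stale bytes: 0x%08x\n", (unsigned)event_word(0xA5, 0x10, 0x42, 0));
    printf("words carrying stale data: %d\n", leaked_words(0xA5, 0x10, 0x42));
    printf("after zero-init:           %d\n", leaked_words(0x00, 0x10, 0x42));
    return 0;
}
```

Only the word that a setter overwrites in full comes out clean; the partially written word and the six untouched words still carry the fill pattern until the record is zeroed first.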