Hi Peter,

On 05/14/2018 06:23 PM, Peter Maydell wrote:
> On 4 May 2018 at 18:15, Peter Maydell <peter.mayd...@linaro.org> wrote:
>> From: Eric Auger <eric.au...@redhat.com>
>>
>> Let's introduce a helper function aiming at recording an
>> event in the event queue.
>
>> +void smmuv3_record_event(SMMUv3State *s, SMMUEventInfo *info)
>> +{
>> + Evt evt;
>> + MemTxResult r;
>>
>> if (!smmuv3_eventq_enabled(s)) {
>> return;
>> }
>>
>> - if (smmuv3_q_full(q)) {
>> + EVT_SET_TYPE(&evt, info->type);
>> + EVT_SET_SID(&evt, info->sid);
>
> Hi Eric -- Coverity complains about use of uninitialized data
> here (CID 1391004). Evt is a struct, and there's no initializer
> where we declare it, so its fields are uninitialized. The
> EVT_SET_TYPE and similar setters use deposit32() on fields
> in the struct, so they read the uninitialized existing values.
> In cases where we don't set all the fields in the event struct
> we'll end up leaking random uninitialized data from QEMU's
> stack into the guest.
>
> Initializing the struct with "Evt evt = {};" ought to satisfy
> Coverity and fix the data leak.

Sure I will send a patch.

Thanks

Eric
>
> thanks
> -- PMM
>
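
Review bot: `Evt evt;` at the top of smmuv3_record_event() has no initializer, and the `EVT_SET_TYPE(&evt, info->type)` and `EVT_SET_SID(&evt, info->sid)` calls that follow are read-modify-write on its fields (deposit32(), per the discussion above), so any field that is not explicitly set reaches the guest-visible event record carrying QEMU stack contents. Zero-initialize at the declaration (`Evt evt = {};`) rather than relying on every event type setting every field. Separately, the `smmuv3_q_full(q)` test is removed at this spot; the visible lines do not show where the full-queue case is handled now, so that is worth confirming before the record is written.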
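
The read-modify-write behaviour described in the quoted review, as an added example that is not part of the original thread or of QEMU's code. The Evt layout, the field positions and the 0xAA fill that stands in for leftover stack contents are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for the event record: 8 x 32-bit words. */
typedef struct { uint32_t word[8]; } Evt;

/* Same read-modify-write shape as a deposit32()-style helper:
 * bits outside [start, start+length) keep whatever was already there. */
static uint32_t deposit32(uint32_t value, int start, int length, uint32_t field)
{
    uint32_t mask = (~0U >> (32 - length)) << start;
    return (value & ~mask) | ((field << start) & mask);
}

/* Illustrative setters; the field positions are assumptions. */
static void evt_set_type(Evt *e, uint32_t t) { e->word[0] = deposit32(e->word[0], 0, 8, t); }
static void evt_set_sid(Evt *e, uint32_t s)  { e->word[1] = deposit32(e->word[1], 0, 32, s); }

/* Count bytes in the finished record that still carry the stale pattern. */
static int stale_bytes(const Evt *e, uint8_t pattern)
{
    const uint8_t *p = (const uint8_t *)e;
    int n = 0;
    for (size_t i = 0; i < sizeof(*e); i++) n += (p[i] == pattern);
    return n;
}

/* Build a record; zero_first selects the "Evt evt = {};" behaviour.
 * The 0xAA fill models leftover stack contents deterministically,
 * since reading a truly uninitialized object is undefined behaviour. */
static int build_and_count(int zero_first)
{
    Evt evt;
    memset(&evt, zero_first ? 0x00 : 0xAA, sizeof(evt));
    evt_set_type(&evt, 0x10);   /* constructed sample values */
    evt_set_sid(&evt, 0x42);
    return stale_bytes(&evt, 0xAA);
}

int main(void)
{
    printf("stale bytes without init: %d\n", build_and_count(0));
    printf("stale bytes with init:    %d\n", build_and_count(1));
    return 0;
}
```

Only the bits each setter owns are overwritten, so every untouched word, and the untouched upper bits of a partially set word, pass through to the record unchanged unless the struct starts out zeroed.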