fix: minor memory bugs #784

Merged
merged 3 commits into from
Sep 18, 2023

@w-henderson w-henderson commented Sep 18, 2023

Fixes the following Coverity reports:

** CID 417161:  Memory - corruptions  (ARRAY_VS_SINGLETON)
/samples/server.c: 438 in migration_write_data()


________________________________________________________________________________________________________
*** CID 417161:  Memory - corruptions  (ARRAY_VS_SINGLETON)
/samples/server.c: 438 in migration_write_data()
432         }
433    
434         /* write to bar0, if any */
435         if (write_end > server_data->bar1_size) {
436             length_in_bar0 = write_end - write_start;
437             write_start -= server_data->bar1_size;
     CID 417161:  Memory - corruptions  (ARRAY_VS_SINGLETON)
     Using "&server_data->bar0" as an array.  This might corrupt or misinterpret adjacent memory locations.
438             memcpy(&server_data->bar0 + write_start, buf + length_in_bar1,
439                    length_in_bar0);
440         }
441    
442         server_data->migration.bytes_transferred += bytes_written;
443    

** CID 417160:  Memory - corruptions  (ARRAY_VS_SINGLETON)
/samples/server.c: 394 in migration_read_data()


________________________________________________________________________________________________________
*** CID 417160:  Memory - corruptions  (ARRAY_VS_SINGLETON)
/samples/server.c: 394 in migration_read_data()
388         }
389    
390         /* read bar0, if any */
391         if (read_end > server_data->bar1_size) {
392             length_in_bar0 = read_end - read_start;
393             read_start -= server_data->bar1_size;
     CID 417160:  Memory - corruptions  (ARRAY_VS_SINGLETON)
     Using "&server_data->bar0" as an array.  This might corrupt or misinterpret adjacent memory locations.
394             memcpy(buf + length_in_bar1, &server_data->bar0 + read_start,
395                    length_in_bar0);
396         }
397    
398         server_data->migration.bytes_transferred += bytes_read;
399    

** CID 417159:  Possible Control flow issues  (DEADCODE)
/lib/libvfio-user.c: 121 in dev_get_caps()


________________________________________________________________________________________________________
*** CID 417159:  Possible Control flow issues  (DEADCODE)
/lib/libvfio-user.c: 121 in dev_get_caps()
115    
116         header = (struct vfio_info_cap_header*)(vfio_reg + 1);
117    
118         if (vfu_reg->mmap_areas != NULL) {
119             int i, nr_mmap_areas = vfu_reg->nr_mmap_areas;
120             if (type != NULL) {
     CID 417159:  Possible Control flow issues  (DEADCODE)
     Execution cannot reach this statement: "type->header.next = vfio_re...".
121                 type->header.next = vfio_reg->cap_offset + sizeof(struct vfio_region_info_cap_type);
122                 sparse = (struct vfio_region_info_cap_sparse_mmap*)(type + 1);
123             } else {
124                 vfio_reg->cap_offset = sizeof(struct vfio_region_info);
125                 sparse = (struct vfio_region_info_cap_sparse_mmap*)header;
126             }

Signed-off-by: William Henderson <william.henderson@nutanix.com>

jlevon commented Sep 18, 2023

please add the actual reports from coverity to the commit msg

Signed-off-by: William Henderson <william.henderson@nutanix.com>
w-henderson commented

@jlevon Will this actually resolve the report? Given that we're still doing pointer arithmetic on a pointer that doesn't point to an array?


jlevon commented Sep 18, 2023

> @jlevon Will this actually resolve the report? Given that we're still doing pointer arithmetic on a pointer that doesn't point to an array?

should do yes

@jlevon jlevon merged commit 1c0cf16 into master Sep 18, 2023
8 checks passed
@jlevon jlevon deleted the w-henderson/memory-bugs branch September 18, 2023 13:30
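
Added example, not code from this pull request or from libvfio-user: a sketch of why Coverity's ARRAY_VS_SINGLETON reports above flag arithmetic on `&server_data->bar0`, next to a byte-granular write that is bounded by the object's size. The struct `demo_server_data`, its field types, and the helpers `typed_offset` and `bar0_write` are hypothetical; the page does not show the real declaration of `bar0`.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for the sample's server_data. The field types are
 * assumptions; the page does not show the real declaration. */
struct demo_server_data {
    uint64_t bar0;        /* one scalar object, not an array */
    uint8_t  adjacent[8]; /* stands for whatever follows bar0 in memory */
};

/* Bytes past the start of bar0 that `&s->bar0 + n` would address: pointer
 * arithmetic scales by the pointee size. Computed as plain arithmetic so
 * no out-of-bounds pointer is formed. */
size_t typed_offset(size_t n)
{
    return n * sizeof(uint64_t);
}

/* Byte-granular write into bar0 that refuses to leave the object.
 * Returns 0 on success, -1 when [off, off + len) is not inside bar0. */
int bar0_write(struct demo_server_data *s, size_t off,
               const void *buf, size_t len)
{
    if (off > sizeof(s->bar0) || len > sizeof(s->bar0) - off) {
        return -1;
    }
    memcpy((unsigned char *)&s->bar0 + off, buf, len);
    return 0;
}

int main(void)
{
    struct demo_server_data s;
    const unsigned char data[5] = { 1, 2, 3, 4, 5 }; /* constructed input */

    memset(&s, 0xAA, sizeof(s));
    printf("&bar0 + 1 addresses byte offset %zu\n", typed_offset(1));
    printf("4 bytes at offset 4: %d\n", bar0_write(&s, 4, data, 4));
    printf("5 bytes at offset 4: %d\n", bar0_write(&s, 4, data, 5));
    return 0;
}
```

With the assumed 8-byte `bar0`, any nonzero `n` in `&bar0 + n` already addresses memory outside the object, which is the adjacent-memory risk the report text describes.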