motorhead/qemu
1
0
Fork 0
mirror of https://github.com/Motorhead1991/qemu.git synced 2025-12-24 00:18:36 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions
qemu/migration
History
Philippe Mathieu-Daudé a346af9c88 migration: Use strnlen() for fixed-size string 
GCC 8 introduced the -Wstringop-overflow, which detect buffer overflow
by string-modifying functions declared in <string.h>, such strncpy(),
used in global_state_store_running().

GCC indeed found an incorrect use of strlen(), because this array
is loaded by VMSTATE_BUFFER(runstate, GlobalState) then parsed
using qapi_enum_parse which does not get the buffer length.

Use strnlen() which returns sizeof(s->runstate) if the array is not
NUL-terminated, assert the size is within range, and enforce the array
to be NUL-terminated to avoid an overflow in qapi_enum_parse().

This fixes:

    CC      migration/global_state.o
  qemu/migration/global_state.c: In function 'global_state_pre_save':
  qemu/migration/global_state.c:109:15: error: 'strlen' argument 1 declared attribute 'nonstring' [-Werror=stringop-overflow=]
       s->size = strlen((char *)s->runstate) + 1;
                 ^~~~~~~~~~~~~~~~~~~~~~~~~~~
  qemu/migration/global_state.c:24:13: note: argument 'runstate' declared here
       uint8_t runstate[100] QEMU_NONSTRING;
               ^~~~~~~~
  cc1: all warnings being treated as errors
  make: *** [qemu/rules.mak:69: migration/global_state.o] Error 1

Suggested-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2019-01-17 21:10:57 -05:00
..
block-dirty-bitmap.c qemu/queue.h: leave head structs anonymous unless necessary 2019-01-11 15:46:55 +01:00
block.c qemu/queue.h: leave head structs anonymous unless necessary 2019-01-11 15:46:55 +01:00
block.h migration: disable auto-converge during bulk block migration 2017-09-27 11:27:14 +01:00
channel.c Migration+TLS: Fix crash due to double cleanup 2018-05-15 22:13:08 +02:00
channel.h migration: Route errors down through migration_channel_connect 2018-02-06 10:55:12 +00:00
colo-failover.c qapi/migration.json: Rename COLO unknown mode to none mode. 2018-10-19 11:15:03 +08:00
colo.c qapi: add conditions to REPLICATION type/commands on the schema 2018-12-14 06:52:48 +01:00
exec.c migration: unify incoming processing 2018-07-10 12:48:53 +01:00
exec.h migration: Export exec.c functions in its own file 2017-06-01 18:49:22 +02:00
fd.c migration: unify incoming processing 2018-07-10 12:48:53 +01:00
fd.h migration: Export fd.c functions in its own file 2017-06-01 18:49:22 +02:00
global_state.c migration: Use strnlen() for fixed-size string 2019-01-17 21:10:57 -05:00
Makefile.objs COLO: Remove colo_state migration struct 2018-10-19 11:15:03 +08:00
migration.c qmp hmp: Make system_wakeup check wake-up support and run state 2018-12-18 07:55:47 +01:00
migration.h migration: avoid segmentfault when take a snapshot of a VM which being migrated 2018-10-31 09:38:59 +00:00
page_cache.c migration: use local path for local headers 2018-06-01 19:20:38 +03:00
page_cache.h migration: Make cache_init() take an error parameter 2017-10-23 18:03:25 +02:00
postcopy-ram.c migration: Stop postcopy fault thread before notifying 2018-10-11 19:58:26 +01:00
postcopy-ram.h postcopy: drop ram_pages parameter from postcopy_ram_incoming_init() 2018-06-27 13:28:31 +02:00
qemu-file-channel.c migration: invoke qio_channel_yield only when qemu_in_coroutine() 2018-08-22 12:13:59 +02:00
qemu-file-channel.h migration: Export qemu-file-channel.c functions in its own file 2017-05-18 19:20:50 +02:00
qemu-file.c migration: disable RDMA WRITE after postcopy started 2018-08-22 12:12:07 +02:00
qemu-file.h migration: stop compression to allocate and free memory frequently 2018-04-25 18:04:06 +01:00
qjson.c qobject: Replace qobject_incref/QINCREF qobject_decref/QDECREF 2018-05-04 08:27:53 +02:00
qjson.h typedefs: add QJSON 2018-06-15 14:40:56 +01:00
ram.c qemu/queue.h: leave head structs anonymous unless necessary 2019-01-11 15:46:55 +01:00
ram.h COLO: Load dirty pages into SVM's RAM cache firstly 2018-10-19 11:15:03 +08:00
rdma.c migration/rdma: Fix uninitialised rdma_return_path 2018-09-26 12:21:33 +01:00
rdma.h migration: Export rdma.c functions in its own file 2017-06-01 18:49:23 +02:00
savevm.c vmstate: constify VMStateField 2018-11-27 15:35:15 +01:00
savevm.h savevm: split the process of different stages for loadvm/savevm 2018-10-19 11:15:03 +08:00
socket.c migration: unify incoming processing 2018-07-10 12:48:53 +01:00
socket.h migration: Export functions to create send channels 2018-05-15 20:24:27 +02:00
tls.c qio: non-default context for TLS handshake 2018-03-06 10:19:07 +00:00
tls.h migration: Export tls.c functions in its own file 2017-06-01 18:49:23 +02:00
trace-events COLO: Flush memory data from ram cache 2018-10-19 11:15:03 +08:00
vmstate-types.c vmstate: constify VMStateField 2018-11-27 15:35:15 +01:00
vmstate.c vmstate: constify VMStateField 2018-11-27 15:35:15 +01:00
xbzrle.c migration: Create migration/xbzrle.h 2017-05-18 18:04:54 +02:00
xbzrle.h migration: Create migration/xbzrle.h 2017-05-18 18:04:54 +02:00