From: Eric Blake Date: Fri, 21 Oct 2011 23:09:17 +0000 (-0600) Subject: qemu: avoid leaking uninit data from hotplug to dumpxml X-Git-Url: http://xenbits.xensource.com/gitweb?a=commitdiff_plain;h=2c27dfaeb1881a77a9463fde56a8c314528194d1;p=libvirt.git qemu: avoid leaking uninit data from hotplug to dumpxml Detected by Coverity. Both text and JSON monitors set only the bus and unit fields, which means driveAddr.controller spends life as garbage on the stack, and is then memcpy()'d into the in-memory representation which the user can see via dumpxml. * src/qemu/qemu_hotplug.c (qemuDomainAttachSCSIDisk): Only copy defined fields. --- diff --git a/src/qemu/qemu_hotplug.c b/src/qemu/qemu_hotplug.c index bfa524b9b4..037f4aa03c 100644 --- a/src/qemu/qemu_hotplug.c +++ b/src/qemu/qemu_hotplug.c @@ -505,7 +505,8 @@ int qemuDomainAttachSCSIDisk(struct qemud_driver *driver, /* XXX we should probably validate that the addr matches * our existing defined addr instead of overwriting */ disk->info.type = VIR_DOMAIN_DEVICE_ADDRESS_TYPE_DRIVE; - memcpy(&disk->info.addr.drive, &driveAddr, sizeof(driveAddr)); + disk->info.addr.drive.bus = driveAddr.bus; + disk->info.addr.drive.unit = driveAddr.unit; } } qemuDomainObjExitMonitorWithDriver(driver, vm);
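Review bot: In the two added assignments to disk->info.addr.drive.bus and disk->info.addr.drive.unit, the controller field of disk->info.addr.drive is no longer written at all. Once info.type is set to VIR_DOMAIN_DEVICE_ADDRESS_TYPE_DRIVE, the address that dumpxml reports is a mix of whatever controller value disk->info already held and the bus/unit the monitor returned. The hunk does not show controller being populated before this point; please confirm it is, or assign it explicitly here, and note that in the comment, since the XXX remark just above already flags that this path overwrites the address rather than validating it. Separately, driveAddr stays partly uninitialized on the stack according to the commit message; zero-initializing it at its declaration (not visible in this hunk) would keep a later struct copy or an added field assignment from reintroducing the same leak.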