From: John Ferlan
Date: Fri, 12 Sep 2014 12:22:58 +0000 (-0400)
Subject: qemu: Resolve Coverity BAD_SIZEOF
X-Git-Tag: CVE-2014-3633~50
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=3a0002b588bb32ee71173b656f9d050584e7bdb2;p=thirdparty%2Flibvirt.git

qemu: Resolve Coverity BAD_SIZEOF

Coverity complains about the calculation of the buf & len within the PROBE macro. So to quiet things down, do the calculation prior to usage in either write() or qemuMonitorIOWriteWithFD() calls and then have the PROBE use the calculated values - which works.
---
diff --git a/src/qemu/qemu_monitor.c b/src/qemu/qemu_monitor.c
index 60591338a4..89446d7024 100644
--- a/src/qemu/qemu_monitor.c
+++ b/src/qemu/qemu_monitor.c
@@ -478,6 +478,8 @@ static int
 qemuMonitorIOWrite(qemuMonitorPtr mon)
 {
 int done;
+ char *buf;
+ size_t len;

 /* If no active message, or fully transmitted, the no-op */
 if (!mon->msg || mon->msg->txOffset == mon->msg->txLength)
@@ -489,22 +491,16 @@ qemuMonitorIOWrite(qemuMonitorPtr mon)
 return -1;
 }

+ buf = mon->msg->txBuffer + mon->msg->txOffset;
+ len = mon->msg->txLength - mon->msg->txOffset;
 if (mon->msg->txFD == -1)
- done = write(mon->fd,
- mon->msg->txBuffer + mon->msg->txOffset,
- mon->msg->txLength - mon->msg->txOffset);
+ done = write(mon->fd, buf, len);
 else
- done = qemuMonitorIOWriteWithFD(mon,
- mon->msg->txBuffer + mon->msg->txOffset,
- mon->msg->txLength - mon->msg->txOffset,
- mon->msg->txFD);
+ done = qemuMonitorIOWriteWithFD(mon, buf, len, mon->msg->txFD);

 PROBE(QEMU_MONITOR_IO_WRITE,
- "mon=%p buf=%s len=%d ret=%d errno=%d",
- mon,
- mon->msg->txBuffer + mon->msg->txOffset,
- mon->msg->txLength - mon->msg->txOffset,
- done, errno);
+ "mon=%p buf=%s len=%lu ret=%d errno=%d",
+ mon, buf, len, done, errno);

 if (mon->msg->txFD != -1) {
 PROBE(QEMU_MONITOR_IO_SEND_FD,
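Review bot: In the second hunk the new PROBE format prints `len`, now declared `size_t`, with `%lu`, which matches only on targets where `size_t` is `unsigned long`; elsewhere the variadic argument types disagree with the format and the following `ret`/`errno` values can be misread. The portable conversion is `%zu`, so the line should read `"mon=%p buf=%s len=%zu ret=%d errno=%d",`. Separately, `buf` is still passed to `%s`, so the probe relies on `txBuffer` being NUL-terminated beyond `txOffset` (not visible in this hunk) and copies monitor command text into debug output; a short comment above the PROBE stating that assumption would help, for example `/* txBuffer is NUL-terminated; command text is logged at debug level */` if that is confirmed. The body of qemuMonitorIOWrite continues past the end of the hunk, so the handling of `done` and `errno` after the write cannot be checked from here.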