From: Liam Merwick
To: qemu-devel@nongnu.org
Date: Thu, 30 Aug 2018 16:47:03 +0100
Message-Id: <1535644031-848-1-git-send-email-Liam.Merwick@oracle.com>
Subject: [Qemu-devel] [PATCH 0/8] off-by-one and NULL pointer accesses detected by static analysis

Below are a number of fixes to some off-by-one, read outside array
bounds, and NULL pointer accesses detected by an internal Oracle
static analysis tool (Parfait).
https://labs.oracle.com/pls/apex/f?p=labs:49:::::P49_PROJECT_ID:13

I have also included a patch to add a command-line option to configure
to select if AVX2 is used or not (keeping the existing behaviour by default).
My motivation was avoiding an issue with the static analysis tool but
NetSpectre was announced as I was working on this and I felt it may have
more general uses.

Liam Merwick (8):
  configure: Provide option to explicitly disable AVX2
  job: Fix off-by-one accesses to JobSTT and JobVerbTable
  block: Null pointer dereference in blk_root_get_parent_desc()
  qemu-img: potential Null pointer deref in img_commit()
  block: Fix potential Null pointer dereferences in vvfat.c
  block: dump_qlist() may dereference a Null pointer
  io: file descriptor not initialized in qio_channel_command_new_spawn()
  qcow2: Read outside array bounds in qcow2_pre_write_overlap_check()

 block/block-backend.c    |  2 +-
 block/qcow2-refcount.c   | 17 ++++++++-------
 block/vvfat.c            | 56 ++++++++++++++++++++++++++++++++++++++++++++++++
 configure                | 11 ++++++++--
 include/qapi/qmp/qlist.h |  6 ++++++
 io/channel-command.c     |  4 ++--
 job.c                    |  4 ++--
 qemu-img.c               |  3 +++
 8 files changed, 88 insertions(+), 15 deletions(-)