qemu: avoid leaking uninit data from hotplug to dumpxml

Detected by Coverity. Both text and JSON monitors set only the bus and unit fields, which means driveAddr.controller spends life as garbage on the stack, and is then memcpy()'d into the in-memory representation which the user can see via dumpxml. * src/qemu/qemu_hotplug.c (qemuDomainAttachSCSIDisk): Only copy defined fields.
2024-07-11 12:25:52 +00:00 · 2011-10-21 17:09:17 -06:00 · 2011-10-21 17:09:17 -06:00 · 2c27dfaeb1
commit 2c27dfaeb1
parent 9981fc5828
1 changed files with 2 additions and 1 deletions
--- a/src/qemu/qemu_hotplug.c
+++ b/src/qemu/qemu_hotplug.c
@ -505,7 +505,8 @@ int qemuDomainAttachSCSIDisk(struct qemud_driver *driver,
            /* XXX we should probably validate that the addr matches
             * our existing defined addr instead of overwriting */
            disk->info.type = VIR_DOMAIN_DEVICE_ADDRESS_TYPE_DRIVE;
-            memcpy(&disk->info.addr.drive, &driveAddr, sizeof(driveAddr));
+            disk->info.addr.drive.bus = driveAddr.bus;
+            disk->info.addr.drive.unit = driveAddr.unit;
        }
    }
    qemuDomainObjExitMonitorWithDriver(driver, vm);