From 2c27dfaeb1881a77a9463fde56a8c314528194d1 Mon Sep 17 00:00:00 2001
From: Eric Blake
Date: Fri, 21 Oct 2011 17:09:17 -0600
Subject: [PATCH] qemu: avoid leaking uninit data from hotplug to dumpxml

Detected by Coverity. Both text and JSON monitors set only the bus and unit fields, which means driveAddr.controller spends life as garbage on the stack, and is then memcpy()'d into the in-memory representation which the user can see via dumpxml.

* src/qemu/qemu_hotplug.c (qemuDomainAttachSCSIDisk): Only copy defined fields.
---
 src/qemu/qemu_hotplug.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/qemu/qemu_hotplug.c b/src/qemu/qemu_hotplug.c
index bfa524b9b4..037f4aa03c 100644
--- a/src/qemu/qemu_hotplug.c
+++ b/src/qemu/qemu_hotplug.c
@@ -505,7 +505,8 @@ int qemuDomainAttachSCSIDisk(struct qemud_driver *driver,
             /* XXX we should probably validate that the addr matches
              * our existing defined addr instead of overwriting */
             disk->info.type = VIR_DOMAIN_DEVICE_ADDRESS_TYPE_DRIVE;
-            memcpy(&disk->info.addr.drive, &driveAddr, sizeof(driveAddr));
+            disk->info.addr.drive.bus = driveAddr.bus;
+            disk->info.addr.drive.unit = driveAddr.unit;
         }
     }
     qemuDomainObjExitMonitorWithDriver(driver, vm);
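Review bot: The two added assignments stop the uninitialized controller byte from reaching dumpxml, but `driveAddr` itself is still declared without an initializer further up in qemuDomainAttachSCSIDisk (outside this hunk), so the stack garbage is still there and any future field-wise copy or a monitor path that fails to set bus/unit would reintroduce the disclosure. Zero-initializing the local at its declaration, presumably `virDomainDeviceDriveAddress driveAddr = {0};` (confirm the exact type name at the declaration), removes the hazard at its root rather than at one use site. It is also worth stating the new intent in the existing XXX comment, since `controller` is now silently preserved from whatever the domain definition already held, e.g. `/* only bus/unit are reported by the monitor; controller keeps the defined value */`. The enclosing function begins and ends outside the hunk.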