On Mon, Sep 17, 2012 at 01:24:51PM -0500, Anthony Liguori wrote:
> David Gibson <da...@gibson.dropbear.id.au> writes:
>
> > tcp_chr_connect(), unlike for example udp_chr_update_read_handler(), does
> > not check if the fd it is using is valid (>= 0) before passing it to
> > qemu_set_fd_handler2(). If using e.g. a TCP serial port, which is not
> > initially connected, this can result in -1 being passed to FD_ISSET, which
> > has undefined behaviour. On x86 it seems to harmlessly return 0, but on
> > PowerPC, it causes a fortify buffer overflow error to be thrown.
> >
> > This patch fixes this by putting an extra test in tcp_chr_connect(), and
> > also adds an assert to qemu_set_fd_handler2() to catch other such errors on
> > all platforms, rather than just some.
> >
> > Signed-off-by: David Gibson <da...@gibson.dropbear.id.au>
>
> Applied. Thanks.

Excellent. Fwiw, I think this one should go into the stable branch, too.

--
David Gibson                   | I'll have my music baroque, and my code
david AT gibson.dropbear.id.au | minimalist, thank you. NOT _the_ _other_
                               | _way_ _around_!
http://www.ozlabs.org/~dgibson
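The two guards the commit message describes, as an added illustration that is not QEMU's code: a minimal fd-handler registry standing in for qemu_set_fd_handler2() that asserts fd validity, and a stand-in for tcp_chr_connect() that skips registration while the socket is still unconnected (fd == -1). All names here (set_fd_handler, chr_connect, fd_in_read_set) are made up for the example.

```c
/* Added example, not QEMU's code. Shows the fix pattern from the commit message:
 * the caller checks fd >= 0 before registering, and the registry itself asserts
 * validity so a bad fd fails loudly everywhere instead of reaching FD_ISSET(-1),
 * which is undefined behaviour (and tripped fortify checks on PowerPC). */
#include <assert.h>
#include <stddef.h>
#include <sys/select.h>

#define MAX_FDS 16

struct fd_handler {
    int fd;
    void (*on_read)(void *opaque);
    void *opaque;
};

static struct fd_handler handlers[MAX_FDS];
static size_t nhandlers;

/* Hypothetical counterpart to qemu_set_fd_handler2(): refuses invalid fds. */
static void set_fd_handler(int fd, void (*on_read)(void *), void *opaque)
{
    assert(fd >= 0 && fd < FD_SETSIZE); /* -1 here would be UB in FD_SET/FD_ISSET */
    assert(nhandlers < MAX_FDS);
    handlers[nhandlers].fd = fd;
    handlers[nhandlers].on_read = on_read;
    handlers[nhandlers].opaque = opaque;
    nhandlers++;
}

/* Hypothetical counterpart to tcp_chr_connect(): an unconnected TCP chardev
 * carries fd == -1, so the caller must check before registering a handler.
 * Returns 1 if a handler was registered, 0 if the fd was not yet valid. */
static int chr_connect(int fd, void (*on_read)(void *), void *opaque)
{
    if (fd < 0) {
        return 0; /* not connected yet: nothing to watch */
    }
    set_fd_handler(fd, on_read, opaque);
    return 1;
}

/* Build the select() read set from registered handlers (all known valid)
 * and report whether a given fd is in it. */
static int fd_in_read_set(int fd)
{
    fd_set rfds;
    FD_ZERO(&rfds);
    for (size_t i = 0; i < nhandlers; i++) {
        FD_SET(handlers[i].fd, &rfds);
    }
    return fd >= 0 && fd < FD_SETSIZE && FD_ISSET(fd, &rfds) ? 1 : 0;
}
```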