On Sun, 21 Jul 2019 at 10:04, Zhang Chen <chen.zh...@intel.com> wrote:
>
> From: Zhang Chen <chen.zh...@intel.com>
>
> This patch to fix the origin "char *data" memory leak, code style issue
> and add necessary check here.
> Reported-by: Coverity (CID 1402785)
>
> Signed-off-by: Zhang Chen <chen.zh...@intel.com>
> @@ -1008,21 +1019,24 @@ static void
> compare_notify_rs_finalize(SocketReadState *notify_rs)
> {
> CompareState *s = container_of(notify_rs, CompareState, notify_rs);
>
> - /* Get Xen colo-frame's notify and handle the message */
> - char *data = g_memdup(notify_rs->buf, notify_rs->packet_len);
> - char msg[] = "COLO_COMPARE_GET_XEN_INIT";
> + const char msg[] = "COLO_COMPARE_GET_XEN_INIT";
> int ret;
>
> - if (!strcmp(data, "COLO_USERSPACE_PROXY_INIT")) {
> + if (packet_matches_str("COLO_USERSPACE_PROXY_INIT",
> + notify_rs->buf,
> + notify_rs->packet_len)) {
> ret = compare_chr_send(s, (uint8_t *)msg, strlen(msg), 0, true);
> if (ret < 0) {
> error_report("Notify Xen COLO-frame INIT failed");
> }
> - }
> -
> - if (!strcmp(data, "COLO_CHECKPOINT")) {
> + } else if (packet_matches_str("COLO_CHECKPOINT",
> + notify_rs->buf,
> + notify_rs->packet_len)) {
> /* colo-compare do checkpoint, flush pri packet and remove sec
> packet */
> g_queue_foreach(&s->conn_list, colo_flush_packets, s);
> + } else {
> + error_report("COLO compare got unsupported instruction '%s'",
> + (char *)notify_rs->buf);
> }
The notify_rs->buf is not NUL-terminated, so you can't use it
in a %s format string like this. The simplest fix is just
to not try to print the contents of the incoming packet at all.
The rest of the patch looks good.
thanks
-- PMM
