Coverity warns that we store the address of a stack variable through a
pointer passed in by the caller, which would let the caller trivially
trigger use-after-free if that stored value is still present when we
finish execution. However, the way coroutines work is that after our
call to qemu_coroutine_yield(), control is temporarily continued in
the caller prior to our function concluding, and in order to resume
our coroutine, the caller must poll until the variable has been set to
NULL. Thus, we can add an assert that we do not leak stack storage to
the caller on function exit.
Fixes: Coverity CID 1406474
CC: Peter Maydell <peter.mayd...@linaro.org>
Signed-off-by: Eric Blake <ebl...@redhat.com>
Message-Id: <20191111203524.21912-1-ebl...@redhat.com>
Reviewed-by: Alex Bennée <alex.ben...@linaro.org>
---
util/qemu-coroutine-sleep.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/util/qemu-coroutine-sleep.c b/util/qemu-coroutine-sleep.c
index ae91b92b6e78..769a76e57df0 100644
--- a/util/qemu-coroutine-sleep.c
+++ b/util/qemu-coroutine-sleep.c
@@ -68,5 +68,12 @@ void coroutine_fn qemu_co_sleep_ns_wakeable(QEMUClockType
type, int64_t ns,
}
timer_mod(state.ts, qemu_clock_get_ns(type) + ns);
qemu_coroutine_yield();
+ if (sleep_state) {
+ /*
+ * Note that *sleep_state is cleared during qemu_co_sleep_wake
+ * before resuming this coroutine.
+ */
+ assert(*sleep_state == NULL);
+ }
timer_free(state.ts);
}
--
2.21.0
