diff options
| author | Eric Blake | 2020-03-20 16:05:07 +0100 |
|---|---|---|
| committer | Michael Roth | 2020-03-24 17:32:19 +0100 |
| commit | a23f38a72921fa915536a981a4f8a9134512f120 (patch) | |
| tree | dcab1333de8db880f53282a2a089b731d485f202 | |
| parent | qga-win: prevent crash when executing guest-file-read with large count (diff) | |
| download | qemu-a23f38a72921fa915536a981a4f8a9134512f120.tar.gz qemu-a23f38a72921fa915536a981a4f8a9134512f120.tar.xz qemu-a23f38a72921fa915536a981a4f8a9134512f120.zip | |
qga: Fix undefined C behavior
The QAPI struct GuestFileWhence has a comment about how we are
exploiting equivalent values between two different integer types
shared in a union. But C says behavior is undefined on assignments to
overlapping storage when the two types are not the same width, and
indeed, 'int64_t value' and 'enum QGASeek name' are very likely to be
different in width. Utilize a temporary variable to fix things.
Reported-by: Peter Maydell <peter.maydell@linaro.org>
Fixes: 0b4b49387
Fixes: Coverity CID 1421990
Signed-off-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
| -rw-r--r-- | qga/commands.c | 9 |
1 files changed, 7 insertions, 2 deletions
diff --git a/qga/commands.c b/qga/commands.c index f8852beb9c..4471a9f08d 100644 --- a/qga/commands.c +++ b/qga/commands.c @@ -482,10 +482,15 @@ done: * the guest's SEEK_ constants. */ int ga_parse_whence(GuestFileWhence *whence, Error **errp) { - /* Exploit the fact that we picked values to match QGA_SEEK_*. */ + /* + * Exploit the fact that we picked values to match QGA_SEEK_*; + * however, we have to use a temporary variable since the union + * members may have different size. + */ if (whence->type == QTYPE_QSTRING) { + int value = whence->u.name; whence->type = QTYPE_QNUM; - whence->u.value = whence->u.name; + whence->u.value = value; } switch (whence->u.value) { case QGA_SEEK_SET: |