GET /api/patches/2224226/?format=api
{ "id": 2224226, "url": "http://patchwork.ozlabs.org/api/patches/2224226/?format=api", "web_url": "http://patchwork.ozlabs.org/project/qemu-devel/patch/20260417-virtio-fixups-v2-2-4a0d8636a628@linaro.org/", "project": { "id": 14, "url": "http://patchwork.ozlabs.org/api/projects/14/?format=api", "name": "QEMU Development", "link_name": "qemu-devel", "list_id": "qemu-devel.nongnu.org", "list_email": "qemu-devel@nongnu.org", "web_url": "", "scm_url": "", "webscm_url": "", "list_archive_url": "", "list_archive_url_format": "", "commit_url_format": "" }, "msgid": "<20260417-virtio-fixups-v2-2-4a0d8636a628@linaro.org>", "list_archive_url": null, "date": "2026-04-17T05:10:10", "name": "[v2,2/2] virtio-snd: check for overflow before g_malloc0", "commit_ref": null, "pull_url": null, "state": "new", "archived": false, "hash": "91f3c69510feaae3ed24576e7477a25249acf46a", "submitter": { "id": 86526, "url": "http://patchwork.ozlabs.org/api/people/86526/?format=api", "name": "Manos Pitsidianakis", "email": "manos.pitsidianakis@linaro.org" }, "delegate": null, "mbox": "http://patchwork.ozlabs.org/project/qemu-devel/patch/20260417-virtio-fixups-v2-2-4a0d8636a628@linaro.org/mbox/", "series": [ { "id": 500238, "url": "http://patchwork.ozlabs.org/api/series/500238/?format=api", "web_url": "http://patchwork.ozlabs.org/project/qemu-devel/list/?series=500238", "date": "2026-04-17T05:10:09", "name": "More virtio-snd fortifications/coverity fixes", "version": 2, "mbox": "http://patchwork.ozlabs.org/series/500238/mbox/" } ], "comments": "http://patchwork.ozlabs.org/api/patches/2224226/comments/", "check": "pending", "checks": "http://patchwork.ozlabs.org/api/patches/2224226/checks/", "tags": {}, "related": [], "headers": { "Return-Path": "<qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org>", "X-Original-To": "incoming@patchwork.ozlabs.org", "Delivered-To": "patchwork-incoming@legolas.ozlabs.org", "Authentication-Results": [ "legolas.ozlabs.org;\n\tdkim=pass (2048-bit key;\n 
unprotected) header.d=linaro.org header.i=@linaro.org header.a=rsa-sha256\n header.s=google header.b=zQgFPCtW;\n\tdkim-atps=neutral", "legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=nongnu.org\n (client-ip=209.51.188.17; helo=lists1p.gnu.org;\n envelope-from=qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org;\n receiver=patchwork.ozlabs.org)" ], "Received": [ "from lists1p.gnu.org (lists1p.gnu.org [209.51.188.17])\n\t(using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits))\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4fxjfK0VvQz1yDF\n\tfor <incoming@patchwork.ozlabs.org>; Fri, 17 Apr 2026 15:11:37 +1000 (AEST)", "from localhost ([::1] helo=lists1p.gnu.org)\n\tby lists1p.gnu.org with esmtp (Exim 4.90_1)\n\t(envelope-from <qemu-devel-bounces@nongnu.org>)\n\tid 1wDbTH-0006rf-0e; Fri, 17 Apr 2026 01:10:27 -0400", "from eggs.gnu.org ([2001:470:142:3::10])\n by lists1p.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)\n (Exim 4.90_1) (envelope-from <manos.pitsidianakis@linaro.org>)\n id 1wDbTE-0006qe-77\n for qemu-devel@nongnu.org; Fri, 17 Apr 2026 01:10:24 -0400", "from mail-wr1-x42c.google.com ([2a00:1450:4864:20::42c])\n by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)\n (Exim 4.90_1) (envelope-from <manos.pitsidianakis@linaro.org>)\n id 1wDbTB-0002O0-BX\n for qemu-devel@nongnu.org; Fri, 17 Apr 2026 01:10:22 -0400", "by mail-wr1-x42c.google.com with SMTP id\n ffacd0b85a97d-43cfbd17589so162046f8f.0\n for <qemu-devel@nongnu.org>; Thu, 16 Apr 2026 22:10:19 -0700 (PDT)", "from [127.0.1.1] (athedsl-4440559.home.otenet.gr. 
[79.129.177.223])\n by smtp.gmail.com with ESMTPSA id\n ffacd0b85a97d-43fe4e3a18csm1749524f8f.20.2026.04.16.22.10.16\n (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);\n Thu, 16 Apr 2026 22:10:17 -0700 (PDT)" ], "DKIM-Signature": "v=1; a=rsa-sha256; c=relaxed/relaxed;\n d=linaro.org; s=google; t=1776402618; x=1777007418; darn=nongnu.org;\n h=cc:to:in-reply-to:references:message-id:content-transfer-encoding\n :mime-version:subject:date:from:from:to:cc:subject:date:message-id\n :reply-to; bh=MO94xCcoU6UDdF1hpEURZaIY79fEZkBmJ9yGiyO6ciM=;\n b=zQgFPCtWQiiRRbUxfInQ6E3PsqEjv7L6smopFhJN1oMgLXm062fbK2GUoiNMX5+aBG\n 32BDrDxyt4x+IsSGIsnPZu0qx/Z42zRyA4CXT70PMVNkjEg6ZkcWoFVALR3uuK5vMk6S\n xPjvHDZ1UR4orNhpFiz9daesFlAdZE1pCNlfz0UjgwK060DfEQFQ76xu/Mo/g8FJS0N6\n zfv048eusQrLoreEYUXZbvL06tn3Y/yG7x2NaMr8u7qWR4hD/tv5BiMufXiy2s9Mgvfr\n OcwvoHCRR6fP8hW/q4ohs2gM+nk+APNLfC355oHGLBJsyl5LPUjfxR2u97sZQDl9ymvW\n 4H5g==", "X-Google-DKIM-Signature": "v=1; a=rsa-sha256; c=relaxed/relaxed;\n d=1e100.net; s=20251104; t=1776402618; x=1777007418;\n h=cc:to:in-reply-to:references:message-id:content-transfer-encoding\n :mime-version:subject:date:from:x-gm-gg:x-gm-message-state:from:to\n :cc:subject:date:message-id:reply-to;\n bh=MO94xCcoU6UDdF1hpEURZaIY79fEZkBmJ9yGiyO6ciM=;\n b=QUa9KkF4/3DgfCCMdB16CxpSLwIKQ6zBCbGl6LffJnUjS4Sw6kzex7gRqofOs60d2i\n 0Hf4Q52fC0nUyOMCbVfKohnA1Nb3EEYNZFBWquNQnuDIJ9bZrqeq32/0smVxh8oETi6+\n zYsdRnMzRACG05h0ncP8Y+YHHWNOyQMG3rgSd4eLbP59nphJA6lVQokU2smZZxPd7zoQ\n dL7YEHcs+nKXWMFyrHND8DTEOGR2MxWoaAPPIBFxqHSOJOF1nCLM0eBTYTetmbWW/oWA\n mLgh15tI7Gwwd2+y4jJrKnDsTajMz1yksznekEyHiF8DsnCMjKS27IsMx2LS1Gikp5i5\n DosA==", "X-Gm-Message-State": "AOJu0YzClkvT135vPMBkkHkvsL8gB88H8INyjNMKHyyyA9PzE5qEu8fZ\n JRIHN+KX9aCZ84j8HXdmz5g/gur0VXvjyBOsBPaq1D6rZmz8HffhV/r0gAIT+0AW1xCWNAVirGo\n oh0mdG4g=", "X-Gm-Gg": "AeBDievETTI27Jv7MtlaP8fuAqu4jMtCcp9dkBBSTGY2DZS0XiIqTSlzMBolD34jzYP\n IOAuSuenaTieUgTF9OSjco3Vx+pFbooFfWiLJpZK5iGufhVjMkEiEp4J34JBEEHpgZM3cjgOGaD\n 
5/Vx7Do31qRnJQ8AjU8mBXEKYUGlHy8bBb+KnfY7w7WaOMKN6DjAbfNcdMUqoHDl3zC3SZeFNOr\n 8tHVR1DqcRIKS0dmATjSX13kDxRJQ6FHKtlT6Rn7OwGGyCrDx8NRl2nv3cSOhikT2pMLQmAfZug\n 95xqrAlw2sVaQPj7808JOi5IYFqAVdA1q2/idx+GzEmEdgaAOBOrW7SJSpjxWN7k1iPUvmfvlUg\n gqbd+1W7nn2QNpMRH95FiNRxhkRSui7qZiLdShys/SVyLAvM9a5REkRdaSNb6R3dojnmNHOYCEI\n 6gGHJF5Du7N0LM2suKDeiZJd/7L10boqVLpkKLU9h9L3eFCZ0NcOP0fJEgw5EVtk+qvZKqpYpct\n eoDzgFuZEwEh9HgDc/t6xR7IvX6FAUDvoETLIuMecU71gy7c+yW9s4EKDHXgw==", "X-Received": "by 2002:adf:fcc9:0:b0:43f:e4f1:bd9b with SMTP id\n ffacd0b85a97d-43fe4f1bdf7mr467208f8f.30.1776402617728;\n Thu, 16 Apr 2026 22:10:17 -0700 (PDT)", "From": "Manos Pitsidianakis <manos.pitsidianakis@linaro.org>", "Date": "Fri, 17 Apr 2026 08:10:10 +0300", "Subject": "[PATCH v2 2/2] virtio-snd: check for overflow before g_malloc0", "MIME-Version": "1.0", "Content-Type": "text/plain; charset=\"utf-8\"", "Content-Transfer-Encoding": "7bit", "Message-Id": "<20260417-virtio-fixups-v2-2-4a0d8636a628@linaro.org>", "References": "<20260417-virtio-fixups-v2-0-4a0d8636a628@linaro.org>", "In-Reply-To": "<20260417-virtio-fixups-v2-0-4a0d8636a628@linaro.org>", "To": "qemu-devel@nongnu.org", "Cc": "Gerd Hoffmann <kraxel@redhat.com>, \"Michael S. 
Tsirkin\" <mst@redhat.com>,\n\t=?utf-8?q?Philippe_Mathieu-Daud=C3=A9?= <philmd@linaro.org>, =?utf-8?q?Alex?=\n\t=?utf-8?q?_Benn=C3=A9e?= <alex.bennee@linaro.org>,\n Richard Henderson <richard.henderson@linaro.org>, qemu-stable@nongnu.org,\n Manos Pitsidianakis <manos.pitsidianakis@linaro.org>", "X-Mailer": "b4 0.14.2", "X-Developer-Signature": "v=1; a=openpgp-sha256; l=2754;\n i=manos.pitsidianakis@linaro.org; h=from:subject:message-id;\n bh=Bq62Ohx1DaKj6RUXlcem2LCLdDkwbtcNdp7LNhLzatg=;\n b=LS0tLS1CRUdJTiBQR1AgTUVTU0FHRS0tLS0tCgpvd0VCYlFLUy9aQU5Bd0FLQVhjcHgzQi9mZ\n 25RQWNzbVlnQnA0Y0MyRWNoUE1oRWVSZ1hZTGg3UndTMHJlS0xaClc3U1hFWG0vbVNrSUJTM3dZ\n VWFKQWpNRUFBRUtBQjBXSVFUTVhCdE9SS0JXODRkd0hSQjNLY2R3ZjM0SjBBVUMKYWVIQXRnQUt\n DUkIzS2Nkd2YzNEowTGNrRUFDTEt1THlOdnZ3YXVtUEhUWnB4MWk3MHRHTGovRUxzL3RuSnJZZg\n pKTHhJcXhpbWZFWW14VDc0Ujd0YUhMdDhWb2c4dmxVT0hicWVpYUswN2U2TTJQdlorZlY3bjhXd\n Vphb3JERzQvClNxZnNzSzdkdUNQVmRGbm5YNzJMWVdWYkVOQTk3a2dWdG9NV01yWkdHV3AxZUhQ\n Z2dzV1JrRFlSMVhBWGhLUnUKUktYcmZnM0hGbG9EbnZPOTZkdVI1aEVtTjUxQWFzUVpqcjY5SEN\n OWGdQV0N2blI0TlB6a0Q3SXQ5blU5MmdOSApkajlHK0FZcXI2UHdUTGMvUjUrN1UwTHQrMWhxOU\n JwKzVSOTc0OFBoNC9mWXNJMkdkQm1hdGNvb2hwNHZELzMrCjhBTVBZaG5DMXBCd00yY3JrOVhGM\n 2lvQzUvS3h4T3YxOXlUS0orY29xZk9iL0lMcHlIREpCQlBtSE4vWkpTUXUKSm4wSU11aUdDdENu\n dDNGaDhQMTkrNzNkYlVnVmFOYkVSTlZ3N1YwdnJ1Vm9MMmlJL3R2VzVTOVlCS1BBbmRBWQpsTEh\n aUFl0ZldDT1lqMGdUV0dzQVFwK0l6QzNQMTRDL3lLNTlVeUdTeHhIN1RrUHhEVFdwWXozWEdyc1\n Y0OGprCnNqYWI0R1IvOExtdnpXR1JZdFJOVmFUMDMrNjZWWEpSbXlPTUVDQVJBcGFOclZ6WHlOR\n ERtL3lHUk5sY1J3L1IKTEV3V3dITFdIbTZPOHkyelp1alA5aVFsM3VsdnFLZEx2MHdjbTBZeTAv\n SDB1NGxpbXM4cjBibDByVlJvUWtWcwpROUJOYzRkaElMUmRyemZYRW5JOWFvOU1SS0JJNEswVGx\n xSnNYaWNvTE9SbjlnZE5qeXIxbUJHUUpPc1dteUZWCmJRVUhSdz09Cj02YWl2Ci0tLS0tRU5EIF\n BHUCBNRVNTQUdFLS0tLS0K", "X-Developer-Key": "i=manos.pitsidianakis@linaro.org; a=openpgp;\n fpr=7C721DF9DB3CC7182311C0BF68BC211D47B421E1", "Received-SPF": "pass client-ip=2a00:1450:4864:20::42c;\n envelope-from=manos.pitsidianakis@linaro.org; 
helo=mail-wr1-x42c.google.com", "X-Spam_score_int": "-20", "X-Spam_score": "-2.1", "X-Spam_bar": "--", "X-Spam_report": "(-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,\n DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1,\n RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001,\n SPF_PASS=-0.001 autolearn=ham autolearn_force=no", "X-Spam_action": "no action", "X-BeenThere": "qemu-devel@nongnu.org", "X-Mailman-Version": "2.1.29", "Precedence": "list", "List-Id": "qemu development <qemu-devel.nongnu.org>", "List-Unsubscribe": "<https://lists.nongnu.org/mailman/options/qemu-devel>,\n <mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>", "List-Archive": "<https://lists.nongnu.org/archive/html/qemu-devel>", "List-Post": "<mailto:qemu-devel@nongnu.org>", "List-Help": "<mailto:qemu-devel-request@nongnu.org?subject=help>", "List-Subscribe": "<https://lists.nongnu.org/mailman/listinfo/qemu-devel>,\n <mailto:qemu-devel-request@nongnu.org?subject=subscribe>", "Errors-To": "qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org", "Sender": "qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org" }, "content": "Coverity points out one g_malloc0 overflow, but it seems to be a false\npositive. 
Add a check to it regardless to fortify the code, and also add\nchecks for every other g_malloc0 use.\n\nSigned-off-by: Manos Pitsidianakis <manos.pitsidianakis@linaro.org>\n---\n hw/audio/virtio-snd.c | 16 ++++++++++++----\n 1 file changed, 12 insertions(+), 4 deletions(-)", "diff": "diff --git a/hw/audio/virtio-snd.c b/hw/audio/virtio-snd.c\nindex 93fbcfb43f7fdcfd5c164b496015da743822f5eb..694bcebb60f6c866346470672cc798b3271ae34f 100644\n--- a/hw/audio/virtio-snd.c\n+++ b/hw/audio/virtio-snd.c\n@@ -850,7 +850,7 @@ static void virtio_snd_handle_tx_xfer(VirtIODevice *vdev, VirtQueue *vq)\n VirtIOSound *vsnd = VIRTIO_SND(vdev);\n VirtIOSoundPCMBuffer *buffer;\n VirtQueueElement *elem;\n- size_t msg_sz, size;\n+ size_t msg_sz, size, tmp;\n virtio_snd_pcm_xfer hdr;\n uint32_t stream_id;\n /*\n@@ -880,6 +880,8 @@ static void virtio_snd_handle_tx_xfer(VirtIODevice *vdev, VirtQueue *vq)\n if (msg_sz != sizeof(virtio_snd_pcm_xfer)) {\n goto tx_err;\n }\n+ assert(iov_size(elem->out_sg, elem->out_num) >= msg_sz);\n+ size = iov_size(elem->out_sg, elem->out_num) - msg_sz;\n stream_id = le32_to_cpu(hdr.stream_id);\n \n if (stream_id >= vsnd->snd_conf.streams\n@@ -892,9 +894,11 @@ static void virtio_snd_handle_tx_xfer(VirtIODevice *vdev, VirtQueue *vq)\n goto tx_err;\n }\n \n+ /* Check for g_malloc0 overflow. 
*/\n+ if (!g_size_checked_add(&tmp, sizeof(VirtIOSoundPCMBuffer), size)) {\n+ goto tx_err;\n+ }\n WITH_QEMU_LOCK_GUARD(&stream->queue_mutex) {\n- size = iov_size(elem->out_sg, elem->out_num) - msg_sz;\n-\n buffer = g_malloc0(sizeof(VirtIOSoundPCMBuffer) + size);\n buffer->elem = elem;\n buffer->populated = false;\n@@ -932,7 +936,7 @@ static void virtio_snd_handle_rx_xfer(VirtIODevice *vdev, VirtQueue *vq)\n VirtIOSound *vsnd = VIRTIO_SND(vdev);\n VirtIOSoundPCMBuffer *buffer;\n VirtQueueElement *elem;\n- size_t msg_sz, size;\n+ size_t msg_sz, size, tmp;\n virtio_snd_pcm_xfer hdr;\n uint32_t stream_id;\n /*\n@@ -977,6 +981,10 @@ static void virtio_snd_handle_rx_xfer(VirtIODevice *vdev, VirtQueue *vq)\n goto rx_err;\n }\n size -= sizeof(virtio_snd_pcm_status);\n+ /* Check for g_malloc0 overflow. */\n+ if (!g_size_checked_add(&tmp, sizeof(VirtIOSoundPCMBuffer), size)) {\n+ goto rx_err;\n+ }\n WITH_QEMU_LOCK_GUARD(&stream->queue_mutex) {\n buffer = g_malloc0(sizeof(VirtIOSoundPCMBuffer) + size);\n buffer->elem = elem;\n", "prefixes": [ "v2", "2/2" ] }
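Review bot: In virtio_snd_handle_tx_xfer the added `assert(iov_size(elem->out_sg, elem->out_num) >= msg_sz);` makes a condition on guest-supplied descriptors a process abort rather than a rejected request. The assignment of msg_sz lies outside the hunk; if it is the byte count copied out of the same out_sg, the condition always holds and the assert is only documentation. Even so, the existing `goto tx_err` path is the more defensive form for guest-controlled data. Computing the total once also avoids walking the iovec twice: `size_t out_sz = iov_size(elem->out_sg, elem->out_num);`, then `if (out_sz < msg_sz) { goto tx_err; }` and `size = out_sz - msg_sz;`.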
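Review bot: The sum validated by `g_size_checked_add(&tmp, sizeof(VirtIOSoundPCMBuffer), size)` in virtio_snd_handle_tx_xfer is discarded, and `g_malloc0(sizeof(VirtIOSoundPCMBuffer) + size)` recomputes it unchecked inside the lock guard. Passing the checked value, `buffer = g_malloc0(tmp);`, ties the allocation to the check, and a name such as `alloc_sz` would say what the variable holds. The same applies to the hunk in virtio_snd_handle_rx_xfer. The check also rules out only size_t wrap-around: `size` is still derived from the guest's descriptor lengths, and g_malloc0 aborts the process when an allocation fails. An upper bound on `size` before allocating is worth considering if none is enforced outside these hunks; both function bodies extend beyond the lines shown.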