diff mbox series

[for-3.1] replay: Exit on errors reading from replay log

Message ID 20181106153330.5139-1-peter.maydell@linaro.org
State New
Headers show
Series [for-3.1] replay: Exit on errors reading from replay log | expand

Commit Message

Peter Maydell Nov. 6, 2018, 3:33 p.m. UTC 
Currently replay_get_byte() does not check for an error
from getc(). Coverity points out (CID 1390622) that this
could result in unexpected behaviour (such as looping
forever, if we use the replay_get_dword() return value
for a loop count). We don't expect reads from the replay
log to fail, and if they do there is no way we can
continue. So make them fatal errors.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
Disclaimer: checked only with "make check".

 replay/replay-internal.c | 16 +++++++++++++---
 1 file changed, 13 insertions(+), 3 deletions(-)

Comments

Paolo Bonzini Nov. 6, 2018, 10:19 p.m. UTC | #1 
On 06/11/2018 16:33, Peter Maydell wrote:
> Currently replay_get_byte() does not check for an error
> from getc(). Coverity points out (CID 1390622) that this
> could result in unexpected behaviour (such as looping
> forever, if we use the replay_get_dword() return value
> for a loop count). We don't expect reads from the replay
> log to fail, and if they do there is no way we can
> continue. So make them fatal errors.
> 
> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
> ---
> Disclaimer: checked only with "make check".
> 
>  replay/replay-internal.c | 16 +++++++++++++---
>  1 file changed, 13 insertions(+), 3 deletions(-)
> 
> diff --git a/replay/replay-internal.c b/replay/replay-internal.c
> index 1cea1d4dc91..8f87e9b957e 100644
> --- a/replay/replay-internal.c
> +++ b/replay/replay-internal.c
> @@ -35,6 +35,12 @@ static void replay_write_error(void)
>      }
>  }
>  
> +static void replay_read_error(void)
> +{
> +    error_report("error reading the replay data");
> +    exit(1);
> +}
> +
>  void replay_put_byte(uint8_t byte)
>  {
>      if (replay_file) {
> @@ -83,7 +89,11 @@ uint8_t replay_get_byte(void)
>  {
>      uint8_t byte = 0;
>      if (replay_file) {
> -        byte = getc(replay_file);
> +        int r = getc(replay_file);
> +        if (r == EOF) {
> +            replay_read_error();
> +        }
> +        byte = r;
>      }
>      return byte;
>  }
> @@ -126,7 +136,7 @@ void replay_get_array(uint8_t *buf, size_t *size)
>      if (replay_file) {
>          *size = replay_get_dword();
>          if (fread(buf, 1, *size, replay_file) != *size) {
> -            error_report("replay read error");
> +            replay_read_error();
>          }
>      }
>  }
> @@ -137,7 +147,7 @@ void replay_get_array_alloc(uint8_t **buf, size_t *size)
>          *size = replay_get_dword();
>          *buf = g_malloc(*size);
>          if (fread(*buf, 1, *size, replay_file) != *size) {
> -            error_report("replay read error");
> +            replay_read_error();
>          }
>      }
>  }
> 

Makes sense, can you apply it directly to qemu.git as soon as Pavel
reviews it (or in some time if he doesn't)?

Thanks,

Paolo
Pavel Dovgalyuk Nov. 7, 2018, 7:50 a.m. UTC | #2 
> From: Peter Maydell [mailto:peter.maydell@linaro.org]
> Currently replay_get_byte() does not check for an error
> from getc(). Coverity points out (CID 1390622) that this
> could result in unexpected behaviour (such as looping
> forever, if we use the replay_get_dword() return value
> for a loop count). We don't expect reads from the replay
> log to fail, and if they do there is no way we can
> continue. So make them fatal errors.
> 
> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

Reviewed-by: Pavel Dovgalyuk <pavel.dovgaluk@ispras.ru>

> ---
> Disclaimer: checked only with "make check".
> 
>  replay/replay-internal.c | 16 +++++++++++++---
>  1 file changed, 13 insertions(+), 3 deletions(-)
> 
> diff --git a/replay/replay-internal.c b/replay/replay-internal.c
> index 1cea1d4dc91..8f87e9b957e 100644
> --- a/replay/replay-internal.c
> +++ b/replay/replay-internal.c
> @@ -35,6 +35,12 @@ static void replay_write_error(void)
>      }
>  }
> 
> +static void replay_read_error(void)
> +{
> +    error_report("error reading the replay data");
> +    exit(1);
> +}
> +
>  void replay_put_byte(uint8_t byte)
>  {
>      if (replay_file) {
> @@ -83,7 +89,11 @@ uint8_t replay_get_byte(void)
>  {
>      uint8_t byte = 0;
>      if (replay_file) {
> -        byte = getc(replay_file);
> +        int r = getc(replay_file);
> +        if (r == EOF) {
> +            replay_read_error();
> +        }
> +        byte = r;
>      }
>      return byte;
>  }
> @@ -126,7 +136,7 @@ void replay_get_array(uint8_t *buf, size_t *size)
>      if (replay_file) {
>          *size = replay_get_dword();
>          if (fread(buf, 1, *size, replay_file) != *size) {
> -            error_report("replay read error");
> +            replay_read_error();
>          }
>      }
>  }
> @@ -137,7 +147,7 @@ void replay_get_array_alloc(uint8_t **buf, size_t *size)
>          *size = replay_get_dword();
>          *buf = g_malloc(*size);
>          if (fread(*buf, 1, *size, replay_file) != *size) {
> -            error_report("replay read error");
> +            replay_read_error();
>          }
>      }
>  }
> --
> 2.19.1

Pavel Dovgalyuk
Peter Maydell Nov. 8, 2018, 2:42 p.m. UTC | #3 
On 6 November 2018 at 22:19, Paolo Bonzini <pbonzini@redhat.com> wrote:
> On 06/11/2018 16:33, Peter Maydell wrote:
>> Currently replay_get_byte() does not check for an error
>> from getc(). Coverity points out (CID 1390622) that this
>> could result in unexpected behaviour (such as looping
>> forever, if we use the replay_get_dword() return value
>> for a loop count). We don't expect reads from the replay
>> log to fail, and if they do there is no way we can
>> continue. So make them fatal errors.
>>
>> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
>> ---


> Makes sense, can you apply it directly to qemu.git as soon as Pavel
> reviews it (or in some time if he doesn't)?

Applied to master, thanks.

-- PMM
diff mbox series

Patch

diff --git a/replay/replay-internal.c b/replay/replay-internal.c
index 1cea1d4dc91..8f87e9b957e 100644
--- a/replay/replay-internal.c
+++ b/replay/replay-internal.c
@@ -35,6 +35,12 @@  static void replay_write_error(void)
     }
 }
 
+static void replay_read_error(void)
+{
+    error_report("error reading the replay data");
+    exit(1);
+}
+
 void replay_put_byte(uint8_t byte)
 {
     if (replay_file) {
@@ -83,7 +89,11 @@  uint8_t replay_get_byte(void)
 {
     uint8_t byte = 0;
     if (replay_file) {
-        byte = getc(replay_file);
+        int r = getc(replay_file);
+        if (r == EOF) {
+            replay_read_error();
+        }
+        byte = r;
     }
     return byte;
 }
@@ -126,7 +136,7 @@  void replay_get_array(uint8_t *buf, size_t *size)
     if (replay_file) {
         *size = replay_get_dword();
         if (fread(buf, 1, *size, replay_file) != *size) {
-            error_report("replay read error");
+            replay_read_error();
         }
     }
 }
@@ -137,7 +147,7 @@  void replay_get_array_alloc(uint8_t **buf, size_t *size)
         *size = replay_get_dword();
         *buf = g_malloc(*size);
         if (fread(*buf, 1, *size, replay_file) != *size) {
-            error_report("replay read error");
+            replay_read_error();
         }
     }
 }