« Previous | Next » 

Revision bbdd2ad0

IDbbdd2ad0814ea0911076419ea21b7957505cf1cc

Added by David Gibson over 11 years ago

qemu-char: BUGFIX, don't call FD_ISSET with negative fd

tcp_chr_connect(), unlike for example udp_chr_update_read_handler() does
not check if the fd it is using is valid (>= 0) before passing it to
qemu_set_fd_handler2(). If using e.g. a TCP serial port, which is not
initially connected, this can result in -1 being passed to FD_ISSET, which
has undefined behaviour. On x86 it seems to harmlessly return 0, but on
PowerPC, it causes a fortify buffer overflow error to be thrown.

This patch fixes this by putting an extra test in tcp_chr_connect(), and
also adds an assert qemu_set_fd_handler2() to catch other such errors on
all platforms, rather than just some.

Signed-off-by: David Gibson <>
Signed-off-by: Anthony Liguori <>

Files

  • added
  • modified
  • copied
  • renamed
  • deleted

View differences