Re: [PATCH 0/2] Fix pointer arithmetic in indirect read for libvhost-user and libvduse

[Тимур]

Hello, I am very sorry for bothering community on a such minor problem again, but I got no response for a few weeks, so maybe I have started thread on a wrong mailing list, so I made an issue in gitlab issue tracker: https://gitlab.com/qemu-project/qemu/-/issues/2149 referencing this thread.

Maybe, it would help attract proper eyes to such a simple problem, so no one bothers in trying to fix it, albeit it lives in the codebase for some time already and is being copied around.

Sincerely,

Temir.

сб, 13 янв. 2024 г. в 04:28, Temir Zharaspayev <masscry@gmail.com>:

Hello! I have found a problem with virtqueue_read_indirect_desc function, which
was advancing pointer to struct as it was a byte pointer, so every element
comming after first chunk would be copied somewhere out of buffer.

As I understand this is cold path, but nevertheless worth fixing.

Also, exacly same problem in vduse_queue_read_indirect_desc function, because
as I understand it is a copy of virtqueue_read_indirect_desc with vduse
backend.

I was not sure if element of scattered buffer may end in the middle of
vring_desc struct data, so instead of writing
desc += read_len/sizeof(struct vring_desc)
have implemented fix with proper byte pointer arithmetic.

Sincerely,
Temir.

Temir Zharaspayev (2):
  libvhost-user: Fix pointer arithmetic in indirect read
  libvduse: Fix pointer arithmetic in indirect read

 subprojects/libvduse/libvduse.c           | 11 ++++++-----
 subprojects/libvhost-user/libvhost-user.c | 11 ++++++-----
 2 files changed, 12 insertions(+), 10 deletions(-)

--
2.34.1