hw/misc/ivshmem-pci: Improve error handling
Coverity points out that the ivshmem-pci code has some error handling cases where it incorrectly tries to use an invalid filedescriptor. These generally happen because ivshmem_recv_msg() calls qemu_chr_fe_get_msgfd(), which might return -1, but the code in process_msg() generally assumes that the file descriptor was provided when it was supposed to be. In particular: * the error case in process_msg() only needs to close the fd if one was provided * process_msg_shmem() should fail if no fd was provided Coverity: CID 1508726 Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Markus Armbruster <armbru@redhat.com> Message-id: 20250711145012.1521936-1-peter.maydell@linaro.org
This commit is contained in:
Peter Maydell
parent
655659a74a
commit
8ccd35f25c
1 changed files with 8 additions and 1 deletions
|
|
@ -479,6 +479,11 @@ static void process_msg_shmem(IVShmemState *s, int fd, Error **errp)
|
|||
struct stat buf;
|
||||
size_t size;
|
||||
|
||||
if (fd < 0) {
|
||||
error_setg(errp, "server didn't provide fd with shared memory message");
|
||||
return;
|
||||
}
|
||||
|
||||
if (s->ivshmem_bar2) {
|
||||
error_setg(errp, "server sent unexpected shared memory message");
|
||||
close(fd);
|
||||
|
|
@ -553,7 +558,9 @@ static void process_msg(IVShmemState *s, int64_t msg, int fd, Error **errp)
|
|||
|
||||
if (msg < -1 || msg > IVSHMEM_MAX_PEERS) {
|
||||
error_setg(errp, "server sent invalid message %" PRId64, msg);
|
||||
close(fd);
|
||||
if (fd >= 0) {
|
||||
close(fd);
|
||||
}
|
||||
return;
|
||||
}
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue