Re: [qemu-s390x] [Qemu-devel] [PATCH 10/14] usb-mtp: avoid warning about
From: Daniel P . Berrangé
Subject: Re: [qemu-s390x] [Qemu-devel] [PATCH 10/14] usb-mtp: avoid warning about unaligned access to filename
Date: Fri, 29 Mar 2019 15:27:22 +0000
User-agent: Mutt/1.11.3 (2019-02-01)
On Fri, Mar 29, 2019 at 12:04:45PM +0000, Peter Maydell wrote:
> On Fri, 29 Mar 2019 at 11:22, Daniel P. Berrangé <address@hidden> wrote:
> >
> > The 'filename' field in ObjectInfo struct is declared as a
> > zero length array of uint16_t. Accessing it is equivalent
> > to taking the address of the field, and taking the address
> > of fields in a packed struct causes unaligned pointer
> > warnings:
> >
> > hw/usb/dev-mtp.c: In function ‘usb_mtp_write_metadata’:
> > hw/usb/dev-mtp.c:1712:36: warning: taking address of packed member of
> > ‘struct <anonymous>’ may result in an unaligned pointer value
> > [-Waddress-of-packed-member]
> > 1712 | dataset->filename);
> > | ~~~~~~~^~~~~~~~~~
>
> This one's come up before -- see
> http://patchwork.ozlabs.org/patch/1049654/
> and my comments on it. I think that utf16_to_str()
> should take a byte array and use the appropriate
> lduw_*_p() function to read from it, and that we
> need to think more carefully about endianness and
> about the "malicious short buffer" case.
Yeah this code is even more of a disaster than I realized. This filename
handling is probably CVE worthy.
Regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
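
The approach suggested in the quoted review (decode from a byte array with an endian-explicit 16-bit load, and reject a claimed length that the received data cannot cover), as an added example that is not QEMU's code or part of this thread. Assumptions: the wire encoding is little-endian UTF-16; `load_u16_le()`, `utf16le_name_to_utf8()` and `MAX_NAME_UNITS` are hypothetical names, and rejecting surrogates is a simplification for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

#define MAX_NAME_UNITS 255  /* assumed cap on code units, for this example */

/* Byte-wise little-endian load: safe at any alignment and on any host
 * byte order. Local stand-in for the role of QEMU's lduw_le_p(). */
static uint16_t load_u16_le(const uint8_t *p)
{
    return (uint16_t)(p[0] | (p[1] << 8));
}

/* Decode `nchars` UTF-16LE code units (the count claimed by the sender)
 * from `buf`, of which only `buflen` bytes were actually received.
 * Returns a malloc'd UTF-8 string, or NULL on a bad length or surrogate. */
char *utf16le_name_to_utf8(const uint8_t *buf, size_t buflen, size_t nchars)
{
    if (nchars > MAX_NAME_UNITS || nchars > buflen / 2) {
        return NULL;               /* claimed length exceeds received data */
    }
    char *out = malloc(nchars * 3 + 1);   /* a BMP unit is <= 3 UTF-8 bytes */
    size_t o = 0;
    if (!out) {
        return NULL;
    }
    for (size_t i = 0; i < nchars; i++) {
        uint16_t c = load_u16_le(buf + 2 * i);
        if (c == 0) {
            break;                 /* embedded terminator ends the name */
        }
        if (c >= 0xD800 && c <= 0xDFFF) {
            free(out);             /* simplification: surrogates rejected */
            return NULL;
        }
        if (c < 0x80) {
            out[o++] = (char)c;
        } else if (c < 0x800) {
            out[o++] = (char)(0xC0 | (c >> 6));
            out[o++] = (char)(0x80 | (c & 0x3F));
        } else {
            out[o++] = (char)(0xE0 | (c >> 12));
            out[o++] = (char)(0x80 | ((c >> 6) & 0x3F));
            out[o++] = (char)(0x80 | (c & 0x3F));
        }
    }
    out[o] = '\0';
    return out;
}
```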