Re: [PULL 1/2] util/ioc.c: try to reassure Coverity about qemu_iovec_init_extended

[Vladimir Sementsov-Ogievskiy]

25.09.2019 20:43, Stefan Hajnoczi wrote:
> From: Vladimir Sementsov-Ogievskiy <vsement...@virtuozzo.com>
> 
> Make it more obvious, that filling qiov corresponds to qiov allocation,
> which in turn corresponds to total_niov calculation, based on mid_niov
> (not mid_len). Still add an assertion to show that there should be no
> difference.
> 
> Reported-by: Coverity (CID 1405302)
> Signed-off-by: Vladimir Sementsov-Ogievskiy <vsement...@virtuozzo.com>
> Message-id: 20190910090310.14032-1-vsement...@virtuozzo.com
> Suggested-by: Peter Maydell <peter.mayd...@linaro.org>
> Signed-off-by: Vladimir Sementsov-Ogievskiy <vsement...@virtuozzo.com>
> Message-Id: <20190910090310.14032-1-vsement...@virtuozzo.com>
> Signed-off-by: Stefan Hajnoczi <stefa...@redhat.com>
> ---
>   util/iov.c | 3 ++-
>   1 file changed, 2 insertions(+), 1 deletion(-)
> 
> diff --git a/util/iov.c b/util/iov.c
> index 5059e10431..a4689ff3c9 100644
> --- a/util/iov.c
> +++ b/util/iov.c
> @@ -446,7 +446,8 @@ void qemu_iovec_init_extended(
>           p++;
>       }
>   
> -    if (mid_len) {
> +    assert(!mid_niov == !mid_len);
> +    if (mid_niov) {
>           memcpy(p, mid_iov, mid_niov * sizeof(*p));
>           p[0].iov_base = (uint8_t *)p[0].iov_base + mid_head;
>           p[0].iov_len -= mid_head;
> 


Hmm, seems we have to squash in:

--- a/util/iov.c
+++ b/util/iov.c
@@ -423,7 +423,7 @@ void qemu_iovec_init_extended(
  {
      size_t mid_head, mid_tail;
      int total_niov, mid_niov = 0;
-    struct iovec *p, *mid_iov;
+    struct iovec *p, *mid_iov = NULL;

      if (mid_len) {
          mid_iov = qiov_slice(mid_qiov, mid_offset, mid_len,


-- 
Best regards,
Vladimir