On Fri, 3 Oct 2025 at 16:40, Peter Xu <[email protected]> wrote:
>
> From: Steve Sistare <[email protected]>
>
> Add the cpr-exec migration mode. Usage:
> qemu-system-$arch -machine aux-ram-share=on ...
> migrate_set_parameter mode cpr-exec
> migrate_set_parameter cpr-exec-command \
> <arg1> <arg2> ... -incoming <uri-1> \
> migrate -d <uri-1>
Hi; Coverity complains about this code (CID 1641397):
> +static void cpr_exec_cb(void *opaque)
> +{
> + MigrationState *s = migrate_get_current();
> + char **argv = strv_from_str_list(s->parameters.cpr_exec_command);
> + Error *err = NULL;
> +
> + /*
> + * Clear the close-on-exec flag for all preserved fd's. We cannot do so
> + * earlier because they should not persist across miscellaneous fork and
> + * exec calls that are performed during normal operation.
> + */
> + cpr_exec_preserve_fds();
> +
> + trace_cpr_exec();
> + execvp(argv[0], argv);
> +
> + /*
> + * exec should only fail if argv[0] is bogus, or has a permissions
> problem,
> + * or the system is very short on resources.
> + */
> + g_strfreev(argv);
Here we free the argv array...
> + cpr_exec_unpreserve_fds();
> +
> + error_setg_errno(&err, errno, "execvp %s failed", argv[0]);
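Review bot: use-after-free on the failure path of this hunk: `g_strfreev(argv);` releases the vector, and the later `error_setg_errno(&err, errno, "execvp %s failed", argv[0]);` then reads `argv[0]` from freed memory. Move the `g_strfreev(argv)` call below `error_setg_errno` so the message is formatted before the strings are released. Separately, `errno` is only read after `cpr_exec_unpreserve_fds()` has run between the failing `execvp` and the error call; saving it into a local immediately after `execvp` returns would keep the reported error from being clobbered by whatever that cleanup does.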
...but here we read from the freed memory argv[0].
Presumably we can just move the free down a bit?
-- PMM