25.09.2019 20:43, Stefan Hajnoczi wrote: > From: Vladimir Sementsov-Ogievskiy <vsement...@virtuozzo.com> > > Make it more obvious, that filling qiov corresponds to qiov allocation, > which in turn corresponds to total_niov calculation, based on mid_niov > (not mid_len). Still add an assertion to show that there should be no > difference. > > Reported-by: Coverity (CID 1405302) > Signed-off-by: Vladimir Sementsov-Ogievskiy <vsement...@virtuozzo.com> > Message-id: 20190910090310.14032-1-vsement...@virtuozzo.com > Suggested-by: Peter Maydell <peter.mayd...@linaro.org> > Signed-off-by: Vladimir Sementsov-Ogievskiy <vsement...@virtuozzo.com> > Message-Id: <20190910090310.14032-1-vsement...@virtuozzo.com> > Signed-off-by: Stefan Hajnoczi <stefa...@redhat.com> > --- > util/iov.c | 3 ++- > 1 file changed, 2 insertions(+), 1 deletion(-) > > diff --git a/util/iov.c b/util/iov.c > index 5059e10431..a4689ff3c9 100644 > --- a/util/iov.c > +++ b/util/iov.c > @@ -446,7 +446,8 @@ void qemu_iovec_init_extended( > p++; > } > > - if (mid_len) { > + assert(!mid_niov == !mid_len); > + if (mid_niov) { > memcpy(p, mid_iov, mid_niov * sizeof(*p)); > p[0].iov_base = (uint8_t *)p[0].iov_base + mid_head; > p[0].iov_len -= mid_head; >
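Review bot: the new assert(!mid_niov == !mid_len) in front of if (mid_niov) records the invariant but not where it comes from. A one-line comment naming the code that sets mid_niov together with mid_iov would let a reader check it without tracing back through the function. Since mid_niov is declared as int and the branch computes mid_niov * sizeof(*p) for the memcpy, it may also be worth asserting mid_niov >= 0 at the same spot, because if (mid_niov) is taken for negative values too.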
Hmm, seems we have to squash in: --- a/util/iov.c +++ b/util/iov.c @@ -423,7 +423,7 @@ void qemu_iovec_init_extended( { size_t mid_head, mid_tail; int total_niov, mid_niov = 0; - struct iovec *p, *mid_iov; + struct iovec *p, *mid_iov = NULL; if (mid_len) { mid_iov = qiov_slice(mid_qiov, mid_offset, mid_len, -- Best regards, Vladimir
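Review bot: the squash-in changes the declaration to *mid_iov = NULL without saying which warning or report it answers. After the first patch the memcpy is guarded by mid_niov while mid_iov is still assigned only inside if (mid_len), so the assert is the only link between the two. Please say in the commit message what the initialisation is for, so it is not later dropped as redundant.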