From 1229e46d3cfe61ee0b11f08fbbc7530af1578637 Mon Sep 17 00:00:00 2001 From: Peter Maydell Date: Tue, 16 Oct 2018 18:09:38 +0100 Subject: block/vhdx: Don't take address of fields in packed structs Taking the address of a field in a packed struct is a bad idea, because it might not be actually aligned enough for that pointer type (and thus cause a crash on dereference on some host architectures). Newer versions of clang warn about this. Avoid the bug by not using the "modify in place" byte swapping functions. There are a few places where the in-place swap function is used on something other than a packed struct field; we convert those anyway, for consistency. Patch produced with scripts/coccinelle/inplace-byteswaps.cocci. Signed-off-by: Peter Maydell Reviewed-by: Stefan Hajnoczi Signed-off-by: Kevin Wolf --- block/vhdx.c | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) (limited to 'block/vhdx.c') diff --git a/block/vhdx.c b/block/vhdx.c index 0795ca1..b785aef 100644 --- a/block/vhdx.c +++ b/block/vhdx.c @@ -156,7 +156,7 @@ uint32_t vhdx_update_checksum(uint8_t *buf, size_t size, int crc_offset) memset(buf + crc_offset, 0, sizeof(crc)); crc = crc32c(0xffffffff, buf, size); - cpu_to_le32s(&crc); + crc = cpu_to_le32(crc); memcpy(buf + crc_offset, &crc, sizeof(crc)); return crc; @@ -753,8 +753,8 @@ static int vhdx_parse_metadata(BlockDriverState *bs, BDRVVHDXState *s) goto exit; } - le32_to_cpus(&s->params.block_size); - le32_to_cpus(&s->params.data_bits); + s->params.block_size = le32_to_cpu(s->params.block_size); + s->params.data_bits = le32_to_cpu(s->params.data_bits); /* We now have the file parameters, so we can tell if this is a @@ -803,9 +803,9 @@ static int vhdx_parse_metadata(BlockDriverState *bs, BDRVVHDXState *s) goto exit; } - le64_to_cpus(&s->virtual_disk_size); - le32_to_cpus(&s->logical_sector_size); - le32_to_cpus(&s->physical_sector_size); + s->virtual_disk_size = le64_to_cpu(s->virtual_disk_size); + s->logical_sector_size = le32_to_cpu(s->logical_sector_size); + s->physical_sector_size = le32_to_cpu(s->physical_sector_size); if (s->params.block_size < VHDX_BLOCK_SIZE_MIN || s->params.block_size > VHDX_BLOCK_SIZE_MAX) { @@ -985,7 +985,7 @@ static int vhdx_open(BlockDriverState *bs, QDict *options, int flags, /* endian convert, and verify populated BAT field file offsets against * region table and log entries */ for (i = 0; i < s->bat_entries; i++) { - le64_to_cpus(&s->bat[i]); + s->bat[i] = le64_to_cpu(s->bat[i]); if (payblocks--) { /* payload bat entries */ if ((s->bat[i] & VHDX_BAT_STATE_BIT_MASK) == @@ -1509,7 +1509,7 @@ static int vhdx_create_new_metadata(BlockBackend *blk, mt_file_params->block_size = cpu_to_le32(block_size); if (type == VHDX_TYPE_FIXED) { mt_file_params->data_bits |= VHDX_PARAMS_LEAVE_BLOCKS_ALLOCED; - cpu_to_le32s(&mt_file_params->data_bits); + mt_file_params->data_bits = cpu_to_le32(mt_file_params->data_bits); } vhdx_guid_generate(&mt_page83->page_83_data); @@ -1656,7 +1656,7 @@ static int vhdx_create_bat(BlockBackend *blk, BDRVVHDXState *s, sinfo.file_offset = ROUND_UP(sinfo.file_offset, MiB); vhdx_update_bat_table_entry(blk_bs(blk), s, &sinfo, &unused, &unused, block_state); - cpu_to_le64s(&s->bat[sinfo.bat_idx]); + s->bat[sinfo.bat_idx] = cpu_to_le64(s->bat[sinfo.bat_idx]); sector_num += s->sectors_per_block; } ret = blk_pwrite(blk, file_offset, s->bat, length, 0); -- cgit v1.1