Bug 757713

Summary: File name completion in monitor can append '/' when it shouldn't
Product: Red Hat Enterprise Linux 6
Reporter: Markus Armbruster <armbru>
Component: qemu-kvm
Assignee: Markus Armbruster <armbru>
Status: CLOSED ERRATA
QA Contact: Virtualization Bugs <virt-bugs>
Severity: unspecified
Docs Contact:
Priority: unspecified
Version: 6.2
CC: acathrow, bsarathy, chayang, juzhang, minovotn, mkenneth, qzhang, tburke, virt-maint
Target Milestone: rc
Target Release: ---
Hardware: Unspecified
OS: Unspecified
Whiteboard:
Fixed In Version: qemu-kvm-0.12.1.2-2.211.el6
Doc Type: Bug Fix
Doc Text:
Cause: Monitor file name completion code checks for directory incorrectly; the result is random. Consequence: Completion can append a slash even when the completed name doesn't refer to a directory. Fix: Fix the check for directory. Result: Completion adds slash only when the completed name refers to a directory.
Last Closed: 2012-06-20 11:37:08 UTC

Description Markus Armbruster 2011-11-28 13:39:17 UTC
Description of problem:
Completion appends '/' when it completes a directory name.  The code uses stat() to test, but ignores errors.  When stat() fails, it tests uninitialized stack memory.

How reproducible:
Always for me right now, but my recipe is not 100% reliable due to the nature of the bug.

Steps to Reproduce:
1. Create a directory and a dangling symbolic link:
$ mkdir dir
$ ln -s nonexist dangle
2. Run
$ qemu-kvm --nodefaults --enable-kvm -vnc :0 -m 384 -monitor stdio
3. Since the bug bites only when the stack contains the "right" crap bits, put them there by completing a directory name:
(qemu) screendump di
Do not hit <RET> here, just <TAB> to complete "di".
4. Complete the dangling symlink name.  Edit the current line to read
(qemu) screendump da
Then hit <TAB> again.

Actual results:
Step 3 completes "di" to "dir/"
Step 4 completes "da" to "dangle/"

Expected results:
Step 4 completes "da" to "dangle"

Additional info:
Fixed upstream in commit c951d9a6.
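
The failure mode described above, as a standalone C program. This is an added example, not QEMU's file_completion() code or the upstream patch. The function names are hypothetical, and the caller-supplied struct stat is an assumption that stands in for the reused stack slot so that the outcome is repeatable.

```c
/* Added example, not QEMU code: an unchecked stat() behind an is-directory test. */
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Flawed pattern: the stat() result is ignored. When stat() fails, *sb is
 * not filled in, so st_mode is whatever was there before. The caller-owned
 * sb stands in for the reused stack slot to make that repeatable. */
static int is_dir_unchecked(const char *path, struct stat *sb)
{
    (void)stat(path, sb);
    return S_ISDIR(sb->st_mode) != 0;
}

/* Corrected pattern: st_mode is consulted only after stat() succeeded. */
static int is_dir_checked(const char *path, struct stat *sb)
{
    return stat(path, sb) == 0 && S_ISDIR(sb->st_mode);
}

/* Replays steps 3 and 4 in a scratch directory (constructed input).
 * Result bits: 0 unchecked(dir), 1 unchecked(dangle),
 *              2 checked(dir),   3 checked(dangle). -1 on setup failure. */
static int replay(void)
{
    char top[] = "/tmp/complXXXXXX", dir[64], dangle[64];
    struct stat sb = {0};
    int r;
    if (!mkdtemp(top))
        return -1;
    snprintf(dir, sizeof dir, "%s/dir", top);
    snprintf(dangle, sizeof dangle, "%s/dangle", top);
    if (mkdir(dir, 0700) != 0 || symlink("nonexist", dangle) != 0)
        return -1;
    r  = is_dir_unchecked(dir, &sb);          /* leaves S_IFDIR in sb */
    r |= is_dir_unchecked(dangle, &sb) << 1;  /* stat() fails, stale bits */
    r |= is_dir_checked(dir, &sb) << 2;
    r |= is_dir_checked(dangle, &sb) << 3;    /* stat() fails, reported */
    unlink(dangle); rmdir(dir); rmdir(top);
    return r;
}

int main(void)
{
    printf("result bits: 0x%x\n", replay());
    return 0;
}
```

On Linux the unchecked variant reports the dangling link as a directory because the earlier call left directory bits in the buffer; the checked variant does not.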

Comment 6 Chao Yang 2012-01-29 09:34:56 UTC
Reproduced this issue with the following steps and environment:

# rpm -q qemu-kvm;uname -r
qemu-kvm-0.12.1.2-2.209.el6.x86_64
2.6.32-220.el6.x86_64

Steps:
1. Create a directory and a dangling symbolic link:
# mkdir abc
# ln -s a_filename_does_not_exist aaa
2. Launch a guest and issue the commands below in the monitor:
CLI:/usr/libexec/qemu-kvm -M rhel6.2.0 -enable-kvm -m 2048 -smp
2,sockets=1,cores=2,threads=1 -name test -uuid `uuidgen` -rtc
base=utc,clock=host,driftfix=slew -boot menu=on -drive
file=/home/test.qcow2,if=none,id=drive-virtio-0-0,media=disk,format=qcow2,cache=none,werror=stop,rerror=stop
-device virtio-blk-pci,drive=drive-virtio-0-0,id=virt0-0-0 -net none -usb
-device usb-tablet,id=input1 -spice port=9000,disable-ticketing -vga qxl
-global qxl-vga.vram_size=67108864 -monitor stdio -balloon none
2.1 
(qemu) screendump ab
Hit <TAB> to complete "abc"
2.2
(qemu) screendump aa
Hit <TAB> to complete "aaa"

Actual Result:
After step 2.1, it completes "ab" to "abc/"
After step 2.2, it completes "aa" to "aaa/" (it shouldn't append '/')

-------------
Verified in the following environment with the same steps and CLI mentioned above.
# rpm -q qemu-kvm;uname -r
qemu-kvm-0.12.1.2-2.221.el6.x86_64
2.6.32-220.el6.x86_64

Actual Result:
After step 2.2, it completes "aa" to "aaa" instead of "aaa/", and screendump could save a correct snapshot by both "screendump abc/sn" and "aaa"


--------------
Based on the above, this issue has been fixed.

Comment 9 Michal Novotny 2012-05-04 09:24:16 UTC
    Technical note added. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    New Contents:
Cause:
stat() can fail for file just read with readdir() and file_completion() uses uninitialized st_mode.

Consequence:
Slash character can be appended if directory bit happens to be set.

Fix:
[NEEDINFO: Markus, could you please add it? Thanks!]

Result:
File name is valid and doesn't refer to a non-existing directory

Comment 10 Markus Armbruster 2012-05-04 10:10:50 UTC
    Technical note updated. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    Diffed Contents:
@@ -1,11 +1,11 @@
 Cause:
-stat() can fail for file just read with readdir() and file_completion() uses uninitialized st_mode.
+Monitor file name completion code checks for directory incorrectly; the result is random.
 
 Consequence:
-Slash character can be appended if directory bit happens to be set.
+Completion can append a slash even when the completed name doesn't refer to a directory.
 
 Fix:
-[NEEDINFO: Markus, could you please add it? Thanks!]
+Fix the check for directory.
 
 Result:
-File name is valid and doesn't refer to a non-existing directory+Completion adds slash only when the completed name refers to a directory.
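Review bot: The new Cause line ("checks for directory incorrectly; the result is random") drops the mechanism the removed line named, that stat() can fail and file_completion() then uses an uninitialized st_mode. Suggest keeping that detail in the Cause, so readers can tell this was a read of uninitialized memory rather than a plain logic slip. The Fix line "Fix the check for directory." restates the Cause without saying what changed and could say that a stat() failure is now handled.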

Comment 11 errata-xmlrpc 2012-06-20 11:37:08 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2012-0746.html