From: Greg Kurz <groug@kaod.org>
To: Alexey Kardashevskiy <aik@ozlabs.ru>
Cc: qemu-devel@nongnu.org, "Michael S. Tsirkin" <mst@redhat.com>,
	Michael Roth <mdroth@linux.vnet.ibm.com>,
	qemu-ppc@nongnu.org, Bharata B Rao <bharata@linux.vnet.ibm.com>,
	Paolo Bonzini <pbonzini@redhat.com>,
	Daniel Henrique Barboza <danielhb@linux.vnet.ibm.com>,
	David Gibson <david@gibson.dropbear.id.au>
Subject: Re: [Qemu-devel] [for-2.11 PATCH 03/26] spapr_iommu: use g_strdup_printf() instead of snprintf()
Date: Wed, 26 Jul 2017 11:48:46 +0200
Message-ID: <20170726114846.6449ff78@bahia.lan>
In-Reply-To: <506fd8f5-15e1-8b24-a942-f59fa8f52312@ozlabs.ru>

On Wed, 26 Jul 2017 13:37:03 +1000
Alexey Kardashevskiy <aik@ozlabs.ru> wrote:

> On 26/07/17 03:58, Greg Kurz wrote:
> > Passing a stack allocated buffer of arbitrary length to snprintf()
> > without checking the return value can cause the resultant strings
> > to be silently truncated.  
> 
> The strings it is touching cannot be silently truncated as
> "tce-iommu-XXXXXXXX" are shorter than 32 chars.
> 

True but if the string was to be changed (unlikely, I admit) then we should
ensure the array is large enough. And anyway, this means we waste stack space,
which is suboptimal. As noted by David, it is a common practice in QEMU to use
g_strdup_printf().

> 
> > 
> > Signed-off-by: Greg Kurz <groug@kaod.org>
> > ---
> >  hw/ppc/spapr_iommu.c |   13 ++++++++-----
> >  1 file changed, 8 insertions(+), 5 deletions(-)
> > 
> > diff --git a/hw/ppc/spapr_iommu.c b/hw/ppc/spapr_iommu.c
> > index e614621a8317..740d42608b61 100644
> > --- a/hw/ppc/spapr_iommu.c
> > +++ b/hw/ppc/spapr_iommu.c
> > @@ -252,17 +252,19 @@ static int spapr_tce_table_realize(DeviceState *dev)
> >  {
> >      sPAPRTCETable *tcet = SPAPR_TCE_TABLE(dev);
> >      Object *tcetobj = OBJECT(tcet);
> > -    char tmp[32];
> > +    gchar *tmp;
> >  
> >      tcet->fd = -1;
> >      tcet->need_vfio = false;
> > -    snprintf(tmp, sizeof(tmp), "tce-root-%x", tcet->liobn);
> > +    tmp = g_strdup_printf("tce-root-%x", tcet->liobn);
> >      memory_region_init(&tcet->root, tcetobj, tmp, UINT64_MAX);
> > +    g_free(tmp);
> >  
> > -    snprintf(tmp, sizeof(tmp), "tce-iommu-%x", tcet->liobn);
> > +    tmp = g_strdup_printf("tce-iommu-%x", tcet->liobn);
> >      memory_region_init_iommu(&tcet->iommu, sizeof(tcet->iommu),
> >                               TYPE_SPAPR_IOMMU_MEMORY_REGION,
> >                               tcetobj, tmp, 0);
> > +    g_free(tmp);
> >  
> >      QLIST_INSERT_HEAD(&spapr_tce_tables, tcet, list);
> >  
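
Review bot: spapr_tce_table_realize() now reuses the single tmp pointer for two separate heap allocations, so the first string is released only because g_free(tmp) sits between memory_region_init() and the second g_strdup_printf(); a later edit that moves or drops that line leaks silently, which the old char tmp[32] could not do. Two separately named pointers (for example root_name and iommu_name), each freed right after its one use, would make the ownership obvious. Freeing immediately after each call also assumes the callee does not keep the pointer, which already had to hold for the stack buffer.
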
> > @@ -307,7 +309,7 @@ void spapr_tce_set_need_vfio(sPAPRTCETable *tcet, bool need_vfio)
> >  sPAPRTCETable *spapr_tce_new_table(DeviceState *owner, uint32_t liobn)
> >  {
> >      sPAPRTCETable *tcet;
> > -    char tmp[32];
> > +    gchar *tmp;
> >  
> >      if (spapr_tce_find_by_liobn(liobn)) {
> >          error_report("Attempted to create TCE table with duplicate"
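
Review bot: gchar *tmp is declared uninitialised at the top of spapr_tce_new_table(), ahead of the duplicate-LIOBN check that reports an error before tmp is ever assigned. With char tmp[32] that was harmless, but a pointer that is later passed to g_free() should either be initialised (gchar *tmp = NULL;) or declared next to the g_strdup_printf() call, so that a cleanup added to the error path cannot free an indeterminate value.
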
> > @@ -318,8 +320,9 @@ sPAPRTCETable *spapr_tce_new_table(DeviceState *owner, uint32_t liobn)
> >      tcet = SPAPR_TCE_TABLE(object_new(TYPE_SPAPR_TCE_TABLE));
> >      tcet->liobn = liobn;
> >  
> > -    snprintf(tmp, sizeof(tmp), "tce-table-%x", liobn);
> > +    tmp = g_strdup_printf("tce-table-%x", liobn);
> >      object_property_add_child(OBJECT(owner), tmp, OBJECT(tcet), NULL);
> > +    g_free(tmp);
> >  
> >      object_property_set_bool(OBJECT(tcet), true, "realized", NULL);
> >  
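
Review bot: the commit message's truncation argument does not apply to the snprintf() replaced here: liobn is a uint32_t, so "tce-table-%x" expands to at most 10 + 8 characters plus the terminator, 19 bytes in a 32-byte buffer. The change is still reasonable, but the message should say it is done for robustness against future format changes and for consistency with the rest of QEMU, not to fix an existing truncation.
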
> > 
> >   
> 
> 


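The truncation concern discussed in this message, as an added example that is not part of the original mail or of QEMU: snprintf() into a fixed buffer with its return value checked, next to a heap-allocating formatter. format_checked() and strdup_printf() are hypothetical names, the latter a plain-C stand-in for g_strdup_printf(); the long prefix is constructed.

```c
#include <stdarg.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper: fixed-buffer formatting that reports truncation
 * instead of hiding it. Returns 0 on success, -1 if the output did not
 * fit or formatting failed. */
static int format_checked(char *buf, size_t size, const char *prefix,
                          uint32_t liobn)
{
    int n = snprintf(buf, size, "%s-%x", prefix, (unsigned)liobn);
    /* snprintf returns the length it wanted to write, excluding the NUL */
    return (n < 0 || (size_t)n >= size) ? -1 : 0;
}

/* Hypothetical stand-in for g_strdup_printf() in plain C: size the output
 * with a first vsnprintf(NULL, 0, ...) pass, then allocate exactly that. */
static char *strdup_printf(const char *fmt, ...)
{
    va_list ap, ap2;
    va_start(ap, fmt);
    va_copy(ap2, ap);
    int n = vsnprintf(NULL, 0, fmt, ap);
    va_end(ap);
    char *s = NULL;
    if (n >= 0 && (s = malloc((size_t)n + 1)) != NULL) {
        vsnprintf(s, (size_t)n + 1, fmt, ap2);
    }
    va_end(ap2);
    return s;   /* caller frees; NULL on error */
}

int main(void)
{
    char tmp[32];
    /* The page's names fit: "tce-iommu-" (10) + 8 hex digits + NUL = 19 */
    int rc = format_checked(tmp, sizeof(tmp), "tce-iommu", 0xffffffffu);
    printf("%d %s\n", rc, tmp);
    /* A constructed longer prefix needs 39 characters and is flagged */
    const char *longp = "tce-iommu-memory-region-window";
    rc = format_checked(tmp, sizeof(tmp), longp, 0xffffffffu);
    printf("%d %s\n", rc, tmp);
    char *name = strdup_printf("%s-%x", longp, 0xffffffffu);
    if (name) { printf("%s\n", name); free(name); }
    return 0;
}
```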