From: Francisco Iglesias <frasse.iglesias@gmail.com>
To: Peter Maydell <peter.maydell@linaro.org>
Cc: qemu-devel@nongnu.org, Gerd Hoffmann <kraxel@redhat.com>,
Christian Schoenebeck <qemu_oss@crudebyte.com>
Subject: Re: [PATCH 1/2] audio/jackaudio: Avoid dynamic stack allocation in qjack_client_init
Date: Mon, 21 Aug 2023 09:12:36 +0200 [thread overview]
Message-ID: <20230821071235.GL6984@fralle-msi> (raw)
In-Reply-To: <20230818155846.1651287-2-peter.maydell@linaro.org>
On [2023 Aug 18] Fri 16:58:45, Peter Maydell wrote:
> Avoid a dynamic stack allocation in qjack_client_init(), by using
> a g_autofree heap allocation instead.
>
> (We stick with allocate + snprintf() because the JACK API requires
> the name to be no more than its maximum size, so g_strdup_printf()
> would require an extra truncation step.)
>
> The codebase has very few VLAs, and if we can get rid of them all we
> can make the compiler error on new additions. This is a defensive
> measure against security bugs where an on-stack dynamic allocation
> isn't correctly size-checked (e.g. CVE-2021-3527).
>
> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Francisco Iglesias <frasse.iglesias@gmail.com>
> ---
> audio/jackaudio.c | 5 +++--
> 1 file changed, 3 insertions(+), 2 deletions(-)
>
> diff --git a/audio/jackaudio.c b/audio/jackaudio.c
> index 5bdf3d7a78d..7cb2a49f971 100644
> --- a/audio/jackaudio.c
> +++ b/audio/jackaudio.c
> @@ -400,7 +400,8 @@ static void qjack_client_connect_ports(QJackClient *c)
> static int qjack_client_init(QJackClient *c)
> {
> jack_status_t status;
> - char client_name[jack_client_name_size()];
> + int client_name_len = jack_client_name_size(); /* includes NUL */
> + g_autofree char *client_name = g_new(char, client_name_len);
> jack_options_t options = JackNullOption;
>
> if (c->state == QJACK_STATE_RUNNING) {
> @@ -409,7 +410,7 @@ static int qjack_client_init(QJackClient *c)
>
> c->connect_ports = true;
>
> - snprintf(client_name, sizeof(client_name), "%s-%s",
> + snprintf(client_name, client_name_len, "%s-%s",
> c->out ? "out" : "in",
> c->opt->client_name ? c->opt->client_name : audio_application_name());
>
> --
> 2.34.1
>
>
next prev parent reply other threads:[~2023-08-21 7:13 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-08-18 15:58 [PATCH 0/2] audio/jackaudio: avoid dynamic stack allocations Peter Maydell
2023-08-18 15:58 ` [PATCH 1/2] audio/jackaudio: Avoid dynamic stack allocation in qjack_client_init Peter Maydell
2023-08-21 7:12 ` Francisco Iglesias [this message]
2023-08-21 8:01 ` Christian Schoenebeck
2023-08-21 10:00 ` Peter Maydell
2023-08-18 15:58 ` [PATCH 2/2] audio/jackaudio: Avoid dynamic stack allocation in qjack_process() Peter Maydell
2023-08-21 8:16 ` Francisco Iglesias
2023-08-22 13:56 ` Christian Schoenebeck
2023-08-21 7:48 ` [PATCH 0/2] audio/jackaudio: avoid dynamic stack allocations Marc-André Lureau
2023-09-12 14:19 ` Peter Maydell
2023-09-18 7:20 ` Gerd Hoffmann
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230821071235.GL6984@fralle-msi \
--to=frasse.iglesias@gmail.com \
--cc=kraxel@redhat.com \
--cc=peter.maydell@linaro.org \
--cc=qemu-devel@nongnu.org \
--cc=qemu_oss@crudebyte.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.