From: Andreas Färber
Date: Fri, 30 Aug 2013 21:29:42 +0200
Message-Id: <1377890983-6481-17-git-send-email-afaerber@suse.de>
In-Reply-To: <1377890983-6481-1-git-send-email-afaerber@suse.de>
References: <1377890983-6481-1-git-send-email-afaerber@suse.de>
Subject: [Qemu-devel] [PULL 16/17] qom: Assert instance size in object_initialize_with_type()
To: qemu-devel@nongnu.org
Cc: Andreas Färber

This catches objects initializing beyond allocated memory, e.g., when
subtypes get extended with instance state of their own.

Suggested-by: Peter Maydell
Signed-off-by: Andreas Färber
---
 include/qom/object.h | 3 ++-
 qom/object.c         | 7 ++++---
 2 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/include/qom/object.h b/include/qom/object.h
index 13847fb..1a7b71a 100644
--- a/include/qom/object.h
+++ b/include/qom/object.h
@@ -586,13 +586,14 @@ Object *object_new_with_type(Type type); /** * object_initialize_with_type: * @data: A pointer to the memory to be used for the object. + * @size: The maximum size available at @data for the object. * @type: The type of the object to instantiate. * * This function will initialize an object. The memory for the object s= hould * have already been allocated. The returned object has a reference cou= nt of 1, * and will be finalized when the last reference is dropped. */ -void object_initialize_with_type(void *data, Type type); +void object_initialize_with_type(void *data, size_t size, Type type); =20 /** * object_initialize: diff --git a/qom/object.c b/qom/object.c index 1635422..e90e382 100644 --- a/qom/object.c +++ b/qom/object.c @@ -311,7 +311,7 @@ static void object_post_init_with_type(Object *obj, T= ypeImpl *ti) } } =20 -void object_initialize_with_type(void *data, TypeImpl *type) +void object_initialize_with_type(void *data, size_t size, TypeImpl *type= ) { Object *obj =3D data; =20 @@ -320,6 +320,7 @@ void object_initialize_with_type(void *data, TypeImpl= *type) =20 g_assert(type->instance_size >=3D sizeof(Object)); g_assert(type->abstract =3D=3D false); + g_assert(size >=3D type->instance_size); =20 memset(obj, 0, type->instance_size); obj->class =3D type->class; @@ -333,7 +334,7 @@ void object_initialize(void *data, size_t size, const= char *typename) { TypeImpl *type =3D type_get_by_name(typename); =20 - object_initialize_with_type(data, type); + object_initialize_with_type(data, size, type); } =20 static inline bool object_property_is_child(ObjectProperty *prop) @@ -424,7 +425,7 @@ Object *object_new_with_type(Type type) type_initialize(type); =20 obj =3D g_malloc(type->instance_size); - object_initialize_with_type(obj, type); + object_initialize_with_type(obj, type->instance_size, type); obj->free =3D g_free; =20 return obj; --=20 1.8.1.4
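Review bot: the new `@size` documentation line in the include/qom/object.h hunk (@@ -586) says what the parameter is but not what the function does with it; since the qom/object.c change asserts on it, the contract should be stated where callers read it, e.g. `@size: The maximum size available at @data for the object; must be at least the instance_size of @type.` so that code embedding an object in a larger struct knows an undersized field is a fatal error rather than silently truncated state.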
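Review bot: the added `g_assert(size >= type->instance_size);` in the @@ -320 hunk is correctly placed before `memset(obj, 0, type->instance_size);`, so an undersized buffer trips the assertion before any byte is written past it rather than after the neighbouring memory has already been clobbered. Because `g_assert()` reports only the expression text, consider `g_assert_cmpuint(size, >=, type->instance_size);` instead, which prints both values on failure and makes the offending type much quicker to identify.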
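Review bot: in the @@ -333 hunk `object_initialize()` already accepted `size_t size` but, as the removed line shows, never forwarded it; passing it through means every existing caller's size argument is now enforced, so any caller that has been supplying an inaccurate size will start asserting at initialization time. That behaviour change is worth a sentence in the commit message so a bisect landing on a new assertion failure explains itself.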
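Review bot: in the @@ -424 hunk the size handed to `object_initialize_with_type()` is the same `type->instance_size` expression used for `g_malloc()` on the preceding line, so on this path the new assertion holds by construction; that is fine, the check is aimed at `object_initialize()` callers supplying their own storage, but to keep allocation and check in lockstep if the allocation size is ever adjusted, consider computing it once into a local and passing that local to both `g_malloc()` and `object_initialize_with_type()`.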