From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from eggs.gnu.org ([2001:4830:134:3::10]:34337) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1adXOk-0005z5-Ri for qemu-devel@nongnu.org; Wed, 09 Mar 2016 01:15:07 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1adXOf-0007Sy-TA for qemu-devel@nongnu.org; Wed, 09 Mar 2016 01:15:06 -0500 Received: from mx1.redhat.com ([209.132.183.28]:38277) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1adXOf-0007Sa-Ou for qemu-devel@nongnu.org; Wed, 09 Mar 2016 01:15:01 -0500 From: Peter Xu Date: Wed, 9 Mar 2016 14:14:51 +0800 Message-Id: <1457504091-31887-1-git-send-email-peterx@redhat.com> Subject: [Qemu-devel] [PATCH] hw/i386: fix unbounded stack for load_multiboot List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: qemu-devel@nongnu.org Cc: peter.maydell@linaro.org, ehabkost@redhat.com, mst@redhat.com, peterx@redhat.com, pbonzini@redhat.com, rth@twiddle.net Use heap rather than stack for kcmdline. Signed-off-by: Peter Xu --- hw/i386/multiboot.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/hw/i386/multiboot.c b/hw/i386/multiboot.c index 9e164e6..bc45394 100644 --- a/hw/i386/multiboot.c +++ b/hw/i386/multiboot.c @@ -324,10 +324,9 @@ int load_multiboot(FWCfgState *fw_cfg, } /* Commandline support */ - char kcmdline[strlen(kernel_filename) + strlen(kernel_cmdline) + 2]; - snprintf(kcmdline, sizeof(kcmdline), "%s %s", - kernel_filename, kernel_cmdline); + char *kcmdline = g_strdup_printf("%s %s", kernel_filename, kernel_cmdline); stl_p(bootinfo + MBI_CMDLINE, mb_add_cmdline(&mbs, kcmdline)); + g_free(kcmdline); stl_p(bootinfo + MBI_BOOTLOADER, mb_add_bootloader(&mbs, bootloader_name)); -- 2.4.3
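Review bot: The `g_free(kcmdline);` placed directly after `stl_p(bootinfo + MBI_CMDLINE, mb_add_cmdline(&mbs, kcmdline));` is only safe if mb_add_cmdline copies the string into the multiboot structure rather than retaining the pointer; that is not visible in this hunk, so it would help to say so in the commit message (or in a one-line comment at the free) so a later reader does not have to re-derive it. The commit message could also state the reason the subject line hints at: the removed `char kcmdline[strlen(kernel_filename) + strlen(kernel_cmdline) + 2];` is a variable-length array whose size comes from two caller-supplied strings, so the function's stack usage had no fixed bound; `g_strdup_printf("%s %s", kernel_filename, kernel_cmdline)` moves that allocation to the heap and also drops the hand-computed `+ 2` and the matching `snprintf(..., sizeof(kcmdline), ...)`, which is the less error-prone form. With those two sentences in the description the change reads as a complete fix rather than a cosmetic one.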