From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([2001:4830:134:3::10]:47436)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <marc.mari.barcelo@gmail.com>) id 1WzLpf-0004x3-LG
	for qemu-devel@nongnu.org; Tue, 24 Jun 2014 04:12:08 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <marc.mari.barcelo@gmail.com>) id 1WzLpW-00055F-Ji
	for qemu-devel@nongnu.org; Tue, 24 Jun 2014 04:11:59 -0400
Received: from mail-we0-x22a.google.com ([2a00:1450:400c:c03::22a]:33465)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <marc.mari.barcelo@gmail.com>) id 1WzLpW-00054C-Dn
	for qemu-devel@nongnu.org; Tue, 24 Jun 2014 04:11:50 -0400
Received: by mail-we0-f170.google.com with SMTP id w61so8283962wes.15
	for <qemu-devel@nongnu.org>; Tue, 24 Jun 2014 01:11:49 -0700 (PDT)
Date: Tue, 24 Jun 2014 10:11:44 +0200
From: Marc =?UTF-8?B?TWFyw60=?= <marc.mari.barcelo@gmail.com>
Message-ID: <20140624101144.135f8095@crunchbang>
In-Reply-To: <20140624060517.GA4490@T430.redhat.com>
References: <1403535322-3346-1-git-send-email-marc.mari.barcelo@gmail.com>
	<20140624060517.GA4490@T430.redhat.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Subject: Re: [Qemu-devel] [RFC] Functions bus_foreach and device_find from
 libqos virtio API
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: Fam Zheng <famz@redhat.com>
Cc: Paolo Bonzini <pbonzini@redhat.com>, qemu-devel@nongnu.org, Stefan Hajnoczi <stefanha@redhat.com>

Hello

> > -/* Tests only initialization so far. TODO: Replace with functional
> > tests */ -static void pci_nop(void)
> > +#define TEST_IMAGE_SIZE (64 * 1024 * 1024)
> > +
> > +static char tmp_path[] = "/tmp/qtest.XXXXXX";
> > +extern QVirtioBus qvirtio_pci;
> > +
> > +static void pci_basic(void)
> >  {
> > +    QVirtioDevice *dev;
> > +    dev = qvirtio_pci.device_find(VIRTIO_BLK_DEVICE_ID);
> > +    fprintf(stderr, "Device: %x %x %x\n",
> > +                            dev->device_id, dev->location,
> > dev->device_type); }
> >  
> >  int main(int argc, char **argv)
> >  {
> >      int ret;
> > +    int fd;
> > +    char test_start[100];
> 
> Depending on length of tmp_path, this looks quite close to an
> overflow ...
> 
> >  
> >      g_test_init(&argc, &argv, NULL);
> > -    qtest_add_func("/virtio/blk/pci/nop", pci_nop);
> > +    qtest_add_func("/virtio/blk/pci/basic", pci_basic);
> >  
> > -    qtest_start("-drive id=drv0,if=none,file=/dev/null "
> > -                "-device virtio-blk-pci,drive=drv0");
> > +    /* Create a temporary raw image */
> > +    fd = mkstemp(tmp_path);
> > +    g_assert_cmpint(fd, >=, 0);
> > +    ret = ftruncate(fd, TEST_IMAGE_SIZE);
> > +    g_assert_cmpint(ret, ==, 0);
> > +    close(fd);
> > +
> > +    sprintf(test_start, "-drive if=none,id=drive0,file=%s "
> > +                    "-device virtio-blk-pci,drive=drive0",
> > tmp_path);
> 
> ... here. Also please use snprintf.
> 

tmp_path is defined as global, and has always the same size
(/tmp/qtest.XXXXXX, where the X will be replaced by a temporary name).

But I'll change to snprintf for security.