From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([2001:4830:134:3::10]:34189)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <peterx@redhat.com>) id 1adZSh-0008LF-LQ
	for qemu-devel@nongnu.org; Wed, 09 Mar 2016 03:27:23 -0500
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <peterx@redhat.com>) id 1adZSg-0005i2-Qe
	for qemu-devel@nongnu.org; Wed, 09 Mar 2016 03:27:19 -0500
Received: from mx1.redhat.com ([209.132.183.28]:60953)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <peterx@redhat.com>) id 1adZSg-0005hx-L4
	for qemu-devel@nongnu.org; Wed, 09 Mar 2016 03:27:18 -0500
Date: Wed, 9 Mar 2016 16:27:03 +0800
From: Peter Xu <peterx@redhat.com>
Message-ID: <20160309082703.GT2377@pxdev.xzpeter.org>
References: <1457504091-31887-1-git-send-email-peterx@redhat.com>
	<20160309074259.GG17947@ad.usersys.redhat.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
In-Reply-To: <20160309074259.GG17947@ad.usersys.redhat.com>
Subject: Re: [Qemu-devel] [PATCH] hw/i386: fix unbounded stack for
 load_multiboot
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: Fam Zheng <famz@redhat.com>
Cc: peter.maydell@linaro.org, ehabkost@redhat.com, mst@redhat.com, qemu-devel@nongnu.org, pbonzini@redhat.com, rth@twiddle.net

On Wed, Mar 09, 2016 at 03:42:59PM +0800, Fam Zheng wrote:
> On Wed, 03/09 14:14, Peter Xu wrote:
> > Use heap rather than stack for kcmdline.
> > 
> > Signed-off-by: Peter Xu <peterx@redhat.com>
> > ---
> >  hw/i386/multiboot.c | 5 ++---
> >  1 file changed, 2 insertions(+), 3 deletions(-)
> > 
> > diff --git a/hw/i386/multiboot.c b/hw/i386/multiboot.c
> > index 9e164e6..bc45394 100644
> > --- a/hw/i386/multiboot.c
> > +++ b/hw/i386/multiboot.c
> > @@ -324,10 +324,9 @@ int load_multiboot(FWCfgState *fw_cfg,
> >      }
> >  
> >      /* Commandline support */
> > -    char kcmdline[strlen(kernel_filename) + strlen(kernel_cmdline) + 2];
> > -    snprintf(kcmdline, sizeof(kcmdline), "%s %s",
> > -             kernel_filename, kernel_cmdline);
> > +    char *kcmdline = g_strdup_printf("%s %s", kernel_filename, kernel_cmdline);
> >      stl_p(bootinfo + MBI_CMDLINE, mb_add_cmdline(&mbs, kcmdline));
> > +    g_free(kcmdline);
> >  
> >      stl_p(bootinfo + MBI_BOOTLOADER, mb_add_bootloader(&mbs, bootloader_name));
> 
> While at it, it's better to move the variable declaration to the beginning of
> function.

Yes, I can do that. Let me post v2.

Thanks.
Peter