Date: Tue, 22 Mar 2016 10:25:49 +0800
From: Peter Xu
Message-ID: <20160322022549.GB26867@pxdev.xzpeter.org>
References: <1457503418-31299-1-git-send-email-peterx@redhat.com> <20160310013605.GD4091@pxdev.xzpeter.org> <56F06071.6080306@redhat.com>
In-Reply-To: <56F06071.6080306@redhat.com>
Subject: Re: [Qemu-devel] [PATCH] qdict: fix unbounded stack for qdict_array_entries
To: Eric Blake
Cc: Kevin Wolf, pbonzini@redhat.com, qemu-devel@nongnu.org, Markus Armbruster

On Mon, Mar 21, 2016 at 02:58:25PM -0600, Eric Blake wrote:
> On 03/09/2016 06:36 PM, Peter Xu wrote:
> > Sorry for forgetting to CC Eric/Markus/Kevin.
> >
> > This patch title is not correct; it should be:
> >
> > "Fix unbounded stack warning for qdict_array_entries"
>
> Keep the 'qdict:' prefix, but yes, adding "warning" helps the commit
> message.
>
> >
> > Do I need to re-send with the same content?
>
> For just the title adjustment, it's up to the maintainer. Often, a
> maintainer will make small changes like that before sending a pull request.
>
> >
> > I'm using g_strdup_printf() here, considering it's the most convenient
> > and safe, and it's called only rarely, when the quorum device opens.
>
> On the other hand, this information might have been useful...
>
> >
> > Thanks.
> > Peter
> >
> > On Wed, Mar 09, 2016 at 02:03:38PM +0800, Peter Xu wrote:
> >> Signed-off-by: Peter Xu
>
> ...in the commit body proper (explaining why you are always allocating,
> because it is not a hot path). So a v2 might indeed be easier.
>
> >> +++ b/qobject/qdict.c
> >> @@ -704,19 +704,16 @@ int qdict_array_entries(QDict *src, const char *subqdict) > >> for (i = 0; i < INT_MAX; i++) { > >> QObject *subqobj; > >> int subqdict_entries; > >> - size_t slen = 32 + subqdict_len; > >> - char indexstr[slen], prefix[slen]; > >> - size_t snprintf_ret; > >> + char *prefix = g_strdup_printf("%s%u.", subqdict, i); > > If we were worried that this could be a hot path, you could add a %n and > &len here... > > >> > >> - snprintf_ret = snprintf(indexstr, slen, "%s%u", subqdict, i); > >> - assert(snprintf_ret < slen); > >> + subqdict_entries = qdict_count_prefixed_entries(src, prefix); > >> > >> - subqobj = qdict_get(src, indexstr); > >> + /* Remove ending "." */ > >> + prefix[strlen(prefix) - 1] = 0x00; > > ...to avoid the strlen() call here. But this is not a hot path, and %n > always makes me worry about security, so I'm fine with your approach. > > However, 0x00 is a rather verbose way of writing 0 (and even if you want > verbosity, '\0' is more idiomatic 0x00). > > At this point, if you send a v2 with s/0x00/0/ and the improved commit > message, you can also include: > Reviewed-by: Eric Blake Will respin just like above, and with you r-b. Thanks! -- peterx
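Review bot: the visible part of the hunk replaces the VLA buffers with a heap string from g_strdup_printf() but shows no matching g_free(prefix); the old indexstr/prefix arrays needed no cleanup, so every exit from the loop body, including any early return inside it, now has to free prefix or each iteration leaks (the quoted hunk is cut off before the loop's exits, so please confirm this in the v2). Two smaller points: the removed `size_t slen = 32 + subqdict_len;` was a user of subqdict_len, so check whether that variable is still used anywhere else in the function or has become an unused-variable warning of its own; and `i` is an int passed to "%u" in `g_strdup_printf("%s%u.", subqdict, i)`, a pre-existing sign mismatch that is harmless because the loop stops at INT_MAX, but cheap to fix while the format call is being rewritten anyway. On `prefix[strlen(prefix) - 1] = 0x00`, agree with the suggestion to write plain 0 or '\0'.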
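The pattern the patch moves to, written out as an added example in plain C without GLib (this is not QEMU's code and not from this thread): a heap-allocated "<subqdict><i>." prefix, the trailing dot stripped in place for the exact-key lookup, and, the part the quoted hunk does not show, the allocation released on every path out of the loop body, including the error return. `xstrdup_printf()` is a stand-in for `g_strdup_printf()`; `count_prefixed()` and `has_key()` stand in for `qdict_count_prefixed_entries()` and `qdict_get()` over a flat list of key strings; the loop semantics are a simplification assumed for illustration, and the key sets are constructed sample data.

```c
#include <errno.h>
#include <limits.h>
#include <stdarg.h>
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/*
 * Added example, not QEMU code. xstrdup_printf() stands in for GLib's
 * g_strdup_printf(): the result lives on the heap and is sized by a first
 * vsnprintf() pass, so no runtime-sized stack buffer (VLA) is needed.
 */
static char *xstrdup_printf(const char *fmt, ...)
{
    va_list ap, ap2;
    va_start(ap, fmt);
    va_copy(ap2, ap);
    int len = vsnprintf(NULL, 0, fmt, ap);
    va_end(ap);
    char *buf = NULL;
    if (len >= 0) {
        buf = malloc((size_t)len + 1);
        if (buf) {
            vsnprintf(buf, (size_t)len + 1, fmt, ap2);
        }
    }
    va_end(ap2);
    return buf;
}

/* Stand-in for qdict_count_prefixed_entries(): keys starting with prefix. */
static int count_prefixed(const char *const *keys, size_t nkeys, const char *prefix)
{
    size_t plen = strlen(prefix);
    int n = 0;
    for (size_t k = 0; k < nkeys; k++) {
        if (strncmp(keys[k], prefix, plen) == 0) {
            n++;
        }
    }
    return n;
}

/* Stand-in for qdict_get(key) != NULL: is there an entry with exactly this key? */
static bool has_key(const char *const *keys, size_t nkeys, const char *key)
{
    for (size_t k = 0; k < nkeys; k++) {
        if (strcmp(keys[k], key) == 0) {
            return true;
        }
    }
    return false;
}

/*
 * Simplified loop in the spirit of qdict_array_entries() (assumed semantics,
 * not the real function): walk i = 0, 1, ... while either a nested dict
 * "<subqdict><i>." or a scalar "<subqdict><i>" exists. Returns the number of
 * consecutive entries, -EINVAL if an index is both scalar and dict, -ENOMEM
 * if allocation fails. prefix is heap memory, so it is freed before *every*
 * exit from the loop body; the VLA version had no such obligation.
 */
static int array_entries(const char *const *keys, size_t nkeys, const char *subqdict)
{
    int i;
    for (i = 0; i < INT_MAX; i++) {
        /* cast: i is int, "%u" wants unsigned */
        char *prefix = xstrdup_printf("%s%u.", subqdict, (unsigned)i);
        if (!prefix) {
            return -ENOMEM;
        }
        int nested = count_prefixed(keys, nkeys, prefix);
        prefix[strlen(prefix) - 1] = '\0';  /* drop the trailing "." */
        bool scalar = has_key(keys, nkeys, prefix);
        free(prefix);                       /* no use of prefix after this point */
        if (nested > 0 && scalar) {
            return -EINVAL;                 /* "x.0" and "x.0.y" both present */
        }
        if (nested == 0 && !scalar) {
            break;                          /* first missing index ends the array */
        }
    }
    return i;
}

/* Constructed sample key sets, modelled on "children.N" style option names. */
static const char *const GOOD_KEYS[] = {
    "children.0.driver", "children.0.file", "children.1",
    "children.2.driver", "vote-threshold",
};
static const size_t GOOD_NKEYS = sizeof GOOD_KEYS / sizeof GOOD_KEYS[0];

static const char *const CLASHING_KEYS[] = { "children.0", "children.0.driver" };
static const size_t CLASHING_NKEYS = sizeof CLASHING_KEYS / sizeof CLASHING_KEYS[0];

int main(void)
{
    printf("children: %d entries\n", array_entries(GOOD_KEYS, GOOD_NKEYS, "children."));
    printf("clashing: %d\n", array_entries(CLASHING_KEYS, CLASHING_NKEYS, "children."));
    return 0;
}
```

With the sample data, "children." yields 3 entries (index 0 is a nested dict, 1 a scalar, 2 a nested dict, 3 missing), and the clashing set returns -EINVAL. Building with `-Wvla` or `-Wstack-usage=` shows why the heap form is preferred: there is no longer a stack object whose size depends on `strlen(subqdict)`.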