qemu-devel.nongnu.org archive mirror
From: David Gibson <david@gibson.dropbear.id.au>
To: peter.maydell@linaro.org
Cc: agraf@suse.de, mdroth@linux.vnet.ibm.com, aik@ozlabs.ru,
	sam.bobroff@au1.ibm.com, imammedo@redhat.com,
	qemu-ppc@nongnu.org, qemu-devel@nongnu.org,
	Greg Kurz <groug@kaod.org>,
	David Gibson <david@gibson.dropbear.id.au>
Subject: [Qemu-devel] [PULL 06/40] spapr_drc: use g_strdup_printf() instead of snprintf()
Date: Fri,  8 Sep 2017 20:35:24 +1000
Message-ID: <20170908103558.31632-7-david@gibson.dropbear.id.au>
In-Reply-To: <20170908103558.31632-1-david@gibson.dropbear.id.au>

From: Greg Kurz <groug@kaod.org>

Passing a stack allocated buffer of arbitrary length to snprintf()
without checking the return value can cause the resultant strings
to be silently truncated.

Signed-off-by: Greg Kurz <groug@kaod.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
---
 hw/ppc/spapr_drc.c | 15 +++++++++------
 1 file changed, 9 insertions(+), 6 deletions(-)

diff --git a/hw/ppc/spapr_drc.c b/hw/ppc/spapr_drc.c
index 85c999d9cb..644a6fffaf 100644
--- a/hw/ppc/spapr_drc.c
+++ b/hw/ppc/spapr_drc.c
@@ -492,7 +492,7 @@ static void realize(DeviceState *d, Error **errp)
 {
     sPAPRDRConnector *drc = SPAPR_DR_CONNECTOR(d);
     Object *root_container;
-    char link_name[256];
+    gchar *link_name;
     gchar *child_name;
     Error *err = NULL;
 
@@ -505,12 +505,13 @@ static void realize(DeviceState *d, Error **errp)
      * existing in the composition tree
      */
     root_container = container_get(object_get_root(), DRC_CONTAINER_PATH);
-    snprintf(link_name, sizeof(link_name), "%x", spapr_drc_index(drc));
+    link_name = g_strdup_printf("%x", spapr_drc_index(drc));
     child_name = object_get_canonical_path_component(OBJECT(drc));
     trace_spapr_drc_realize_child(spapr_drc_index(drc), child_name);
     object_property_add_alias(root_container, link_name,
                               drc->owner, child_name, &err);
     g_free(child_name);
+    g_free(link_name);
     if (err) {
         error_propagate(errp, err);
         return;
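Review bot: g_free(link_name) directly after object_property_add_alias() is only correct if that call copies the property name instead of keeping the pointer, and nothing in this hunk shows which it does. child_name is already freed the same way one line earlier, which suggests the callee copies its string arguments, but a short comment or a line in the commit message confirming it would help. Placing both frees before the `if (err)` return is right: the error path no longer needs its own cleanup.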
@@ -525,14 +526,15 @@ static void unrealize(DeviceState *d, Error **errp)
 {
     sPAPRDRConnector *drc = SPAPR_DR_CONNECTOR(d);
     Object *root_container;
-    char name[256];
+    gchar *name;
 
     trace_spapr_drc_unrealize(spapr_drc_index(drc));
     qemu_unregister_reset(drc_reset, drc);
     vmstate_unregister(DEVICE(drc), &vmstate_spapr_drc, drc);
     root_container = container_get(object_get_root(), DRC_CONTAINER_PATH);
-    snprintf(name, sizeof(name), "%x", spapr_drc_index(drc));
+    name = g_strdup_printf("%x", spapr_drc_index(drc));
     object_property_del(root_container, name, errp);
+    g_free(name);
 }
 
 sPAPRDRConnector *spapr_dr_connector_new(Object *owner, const char *type,
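Review bot: unrealize() rebuilds the alias name with its own copy of the "%x" format that realize() uses when it adds the alias, so a later change to one format string without the other would make object_property_del() target a name that was never added. Consider a small static helper that returns the g_strdup_printf() result for a given drc, so both paths share one format string and one ownership rule (caller frees).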
@@ -730,10 +732,11 @@ static const TypeInfo spapr_drc_lmb_info = {
 sPAPRDRConnector *spapr_drc_by_index(uint32_t index)
 {
     Object *obj;
-    char name[256];
+    gchar *name;
 
-    snprintf(name, sizeof(name), "%s/%x", DRC_CONTAINER_PATH, index);
+    name = g_strdup_printf("%s/%x", DRC_CONTAINER_PATH, index);
     obj = object_resolve_path(name, NULL);
+    g_free(name);
 
     return !obj ? NULL : SPAPR_DR_CONNECTOR(obj);
 }
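Review bot: in spapr_drc_by_index() the index is a uint32_t, so "%x" contributes at most eight characters and the old 256-byte buffer could truncate only if DRC_CONTAINER_PATH were very long. The commit message would be more accurate if it said this is hardening for consistency rather than a fix for an observed truncation. The change also adds a heap allocation and free to every lookup, which deserves a sentence if this function sits on a frequently called path.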
-- 
2.13.5
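
The truncation the commit message describes, as an added example that is not part of the patch or of QEMU: `format_checked()` shows the return-value check the old code lacked, and `strdup_printf()` is a portable stand-in for GLib's g_strdup_printf() built on vsnprintf(). The helper names, the 8-byte buffer and the sample path are assumptions made for illustration.

```c
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Returns 0 if the formatted string fit in buf, -1 if it was truncated or
 * an encoding error occurred. snprintf() returns the length the complete
 * string would have had, so a value >= size means output was cut short. */
static int format_checked(char *buf, size_t size, const char *path, unsigned idx)
{
    int n = snprintf(buf, size, "%s/%x", path, idx);
    return (n < 0 || (size_t)n >= size) ? -1 : 0;
}

/* Hypothetical stand-in for g_strdup_printf(): measure, allocate, format.
 * Returns NULL on failure; the caller frees the result with free(). */
static char *strdup_printf(const char *fmt, ...)
{
    va_list ap, ap2;
    char *s = NULL;
    int n;

    va_start(ap, fmt);
    va_copy(ap2, ap);                   /* the list is consumed twice */
    n = vsnprintf(NULL, 0, fmt, ap);    /* first pass: length only */
    va_end(ap);
    if (n >= 0 && (s = malloc((size_t)n + 1)) != NULL) {
        vsnprintf(s, (size_t)n + 1, fmt, ap2);
    }
    va_end(ap2);
    return s;
}

int main(void)
{
    char small[8];  /* deliberately small so the truncation is visible */
    const char *path = "/constructed/container";  /* constructed sample */
    char *full;

    if (format_checked(small, sizeof(small), path, 0x8000001fu) != 0) {
        printf("truncated to \"%s\"\n", small);
    }
    full = strdup_printf("%s/%x", path, 0x8000001fu);
    if (full) {
        printf("full: %s\n", full);
        free(full);
    }
    return 0;
}
```

Without the check, two different indexes formatted into the small buffer yield the same name, which is the silent failure the patch rules out by sizing the allocation to the output.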
