[PATCH] tests/qtest/netdev-socket: Avoid variable-length array in inet_get_free_port

qemu-devel.nongnu.org archive mirror
 help / color / mirror / Atom feed

* [PATCH] tests/qtest/netdev-socket: Avoid variable-length array in inet_get_free_port_multiple()
@ 2023-08-24 16:45 Peter Maydell
  2023-08-24 17:03 ` Thomas Huth
                   ` (2 more replies)
  0 siblings, 3 replies; 4+ messages in thread
From: Peter Maydell @ 2023-08-24 16:45 UTC (permalink / raw)
  To: qemu-devel; +Cc: Thomas Huth, Laurent Vivier

We use a variable-length array in inet_get_free_port_multiple().
This is only test code called at the start of a test, so switch to a
heap allocation instead.

The codebase has very few VLAs, and if we can get rid of them all we
can make the compiler error on new additions.  This is a defensive
measure against security bugs where an on-stack dynamic allocation
isn't correctly size-checked (e.g.  CVE-2021-3527).

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 tests/qtest/netdev-socket.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tests/qtest/netdev-socket.c b/tests/qtest/netdev-socket.c
index 097abc0230b..8eed54801f2 100644
--- a/tests/qtest/netdev-socket.c
+++ b/tests/qtest/netdev-socket.c
@@ -82,7 +82,7 @@ static int inet_get_free_port_socket_ipv6(int sock)
 
 static int inet_get_free_port_multiple(int nb, int *port, bool ipv6)
 {
-    int sock[nb];
+    g_autofree int *sock = g_new(int, nb);
     int i;
 
     for (i = 0; i < nb; i++) {
-- 
2.34.1



^ permalink raw reply related	[flat|nested] 4+ messages in thread

* Re: [PATCH] tests/qtest/netdev-socket: Avoid variable-length array in inet_get_free_port_multiple()
  2023-08-24 16:45 [PATCH] tests/qtest/netdev-socket: Avoid variable-length array in inet_get_free_port_multiple() Peter Maydell
@ 2023-08-24 17:03 ` Thomas Huth
  2023-08-25  4:52 ` Philippe Mathieu-Daudé
  2023-08-25  7:02 ` Laurent Vivier
  2 siblings, 0 replies; 4+ messages in thread
From: Thomas Huth @ 2023-08-24 17:03 UTC (permalink / raw)
  To: Peter Maydell, qemu-devel; +Cc: Laurent Vivier

On 24/08/2023 18.45, Peter Maydell wrote:
> We use a variable-length array in inet_get_free_port_multiple().
> This is only test code called at the start of a test, so switch to a
> heap allocation instead.
> 
> The codebase has very few VLAs, and if we can get rid of them all we
> can make the compiler error on new additions.  This is a defensive
> measure against security bugs where an on-stack dynamic allocation
> isn't correctly size-checked (e.g.  CVE-2021-3527).
> 
> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
> ---
>   tests/qtest/netdev-socket.c | 2 +-
>   1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/tests/qtest/netdev-socket.c b/tests/qtest/netdev-socket.c
> index 097abc0230b..8eed54801f2 100644
> --- a/tests/qtest/netdev-socket.c
> +++ b/tests/qtest/netdev-socket.c
> @@ -82,7 +82,7 @@ static int inet_get_free_port_socket_ipv6(int sock)
>   
>   static int inet_get_free_port_multiple(int nb, int *port, bool ipv6)
>   {
> -    int sock[nb];
> +    g_autofree int *sock = g_new(int, nb);
>       int i;
>   
>       for (i = 0; i < nb; i++) {

Reviewed-by: Thomas Huth <thuth@redhat.com>



^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: [PATCH] tests/qtest/netdev-socket: Avoid variable-length array in inet_get_free_port_multiple()
  2023-08-24 16:45 [PATCH] tests/qtest/netdev-socket: Avoid variable-length array in inet_get_free_port_multiple() Peter Maydell
  2023-08-24 17:03 ` Thomas Huth
@ 2023-08-25  4:52 ` Philippe Mathieu-Daudé
  2023-08-25  7:02 ` Laurent Vivier
  2 siblings, 0 replies; 4+ messages in thread
From: Philippe Mathieu-Daudé @ 2023-08-25  4:52 UTC (permalink / raw)
  To: Peter Maydell, qemu-devel; +Cc: Thomas Huth, Laurent Vivier

On 24/8/23 18:45, Peter Maydell wrote:
> We use a variable-length array in inet_get_free_port_multiple().
> This is only test code called at the start of a test, so switch to a
> heap allocation instead.
> 
> The codebase has very few VLAs, and if we can get rid of them all we
> can make the compiler error on new additions.  This is a defensive
> measure against security bugs where an on-stack dynamic allocation
> isn't correctly size-checked (e.g.  CVE-2021-3527).
> 
> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
> ---
>   tests/qtest/netdev-socket.c | 2 +-
>   1 file changed, 1 insertion(+), 1 deletion(-)

Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>



^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: [PATCH] tests/qtest/netdev-socket: Avoid variable-length array in inet_get_free_port_multiple()
  2023-08-24 16:45 [PATCH] tests/qtest/netdev-socket: Avoid variable-length array in inet_get_free_port_multiple() Peter Maydell
  2023-08-24 17:03 ` Thomas Huth
  2023-08-25  4:52 ` Philippe Mathieu-Daudé
@ 2023-08-25  7:02 ` Laurent Vivier
  2 siblings, 0 replies; 4+ messages in thread
From: Laurent Vivier @ 2023-08-25  7:02 UTC (permalink / raw)
  To: Peter Maydell, qemu-devel; +Cc: Thomas Huth

On 8/24/23 18:45, Peter Maydell wrote:
> We use a variable-length array in inet_get_free_port_multiple().
> This is only test code called at the start of a test, so switch to a
> heap allocation instead.
> 
> The codebase has very few VLAs, and if we can get rid of them all we
> can make the compiler error on new additions.  This is a defensive
> measure against security bugs where an on-stack dynamic allocation
> isn't correctly size-checked (e.g.  CVE-2021-3527).
> 
> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
> ---
>   tests/qtest/netdev-socket.c | 2 +-
>   1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/tests/qtest/netdev-socket.c b/tests/qtest/netdev-socket.c
> index 097abc0230b..8eed54801f2 100644
> --- a/tests/qtest/netdev-socket.c
> +++ b/tests/qtest/netdev-socket.c
> @@ -82,7 +82,7 @@ static int inet_get_free_port_socket_ipv6(int sock)
>   
>   static int inet_get_free_port_multiple(int nb, int *port, bool ipv6)
>   {
> -    int sock[nb];
> +    g_autofree int *sock = g_new(int, nb);
>       int i;
>   
>       for (i = 0; i < nb; i++) {

Reviewed-by: Laurent Vivier <lvivier@redhat.com>



^ permalink raw reply	[flat|nested] 4+ messages in thread

end of thread, other threads:[~2023-08-25  7:04 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2023-08-24 16:45 [PATCH] tests/qtest/netdev-socket: Avoid variable-length array in inet_get_free_port_multiple() Peter Maydell
2023-08-24 17:03 ` Thomas Huth
2023-08-25  4:52 ` Philippe Mathieu-Daudé
2023-08-25  7:02 ` Laurent Vivier

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).