From: Eric Blake <eblake@redhat.com>
To: qemu-devel@nongnu.org
Cc: "Philippe Mathieu-Daudé" <philmd@redhat.com>,
"Peter Maydell" <peter.maydell@linaro.org>
Subject: [PULL 06/13] util/iov: Avoid dynamic stack allocation
Date: Thu, 7 Sep 2023 20:35:42 -0500 [thread overview]
Message-ID: <20230908013535.990731-21-eblake@redhat.com> (raw)
In-Reply-To: <20230908013535.990731-15-eblake@redhat.com>
From: Philippe Mathieu-Daudé <philmd@redhat.com>
Use autofree heap allocation instead of variable-length array on the
stack.
The codebase has very few VLAs, and if we can get rid of them all we
can make the compiler error on new additions. This is a defensive
measure against security bugs where an on-stack dynamic allocation
isn't correctly size-checked (e.g. CVE-2021-3527).
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-ID: <20230824164706.2652277-1-peter.maydell@linaro.org>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Eric Blake <eblake@redhat.com>
---
util/iov.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/util/iov.c b/util/iov.c
index 866fb577f30..7e73948f5e3 100644
--- a/util/iov.c
+++ b/util/iov.c
@@ -571,7 +571,7 @@ static int sortelem_cmp_src_index(const void *a, const void *b)
*/
void qemu_iovec_clone(QEMUIOVector *dest, const QEMUIOVector *src, void *buf)
{
- IOVectorSortElem sortelems[src->niov];
+ g_autofree IOVectorSortElem *sortelems = g_new(IOVectorSortElem, src->niov);
void *last_end;
int i;
--
2.41.0
next prev parent reply other threads:[~2023-09-08 1:38 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-09-08 1:35 [PULL 00/13] NBD patches through 2023-09-07 Eric Blake
2023-09-08 1:35 ` [PULL 01/13] qemu-iotests/197: use more generic commands for formats other than qcow2 Eric Blake
2023-09-08 1:35 ` [PULL 02/13] nbd: drop unused nbd_receive_negotiate() aio_context argument Eric Blake
2023-09-08 1:35 ` [PULL 03/13] nbd: drop unused nbd_start_negotiate() " Eric Blake
2023-09-08 1:35 ` [PULL 04/13] io: check there are no qio_channel_yield() coroutines during ->finalize() Eric Blake
2023-09-08 1:35 ` [PULL 05/13] io: follow coroutine AioContext in qio_channel_yield() Eric Blake
2023-09-08 1:35 ` Eric Blake [this message]
2023-09-08 1:35 ` [PULL 07/13] qemu-nbd: improve error message for dup2 error Eric Blake
2023-09-08 1:35 ` [PULL 08/13] qemu-nbd: define struct NbdClientOpts when HAVE_NBD_DEVICE is not defined Eric Blake
2023-09-08 1:35 ` [PULL 09/13] qemu-nbd: move srcpath into struct NbdClientOpts Eric Blake
2023-09-08 1:35 ` [PULL 10/13] qemu-nbd: put saddr into " Eric Blake
2023-09-08 1:35 ` [PULL 11/13] qemu-nbd: invent nbd_client_release_pipe() helper Eric Blake
2023-09-08 1:35 ` [PULL 12/13] qemu-nbd: Restore "qemu-nbd -v --fork" output Eric Blake
2023-09-08 11:03 ` Stefan Hajnoczi
2023-09-08 11:24 ` Denis V. Lunev
2023-09-08 11:42 ` Denis V. Lunev
2023-09-08 12:09 ` Eric Blake
2023-09-08 1:35 ` [PULL 13/13] qemu-nbd: document -v behavior in respect to --fork in man Eric Blake
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230908013535.990731-21-eblake@redhat.com \
--to=eblake@redhat.com \
--cc=peter.maydell@linaro.org \
--cc=philmd@redhat.com \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).