From: Chen Gang <gang.chen.5i5j@gmail.com>
To: "Daniel P. Berrange" <berrange@redhat.com>
Cc: aneesh.kumar@linux.vnet.ibm.com, aliguori@amazon.com,
QEMU Developers <qemu-devel@nongnu.org>
Subject: Re: [Qemu-devel] [PATCH] hw/9pfs/virtio-9p-local.c: use snprintf() instead of sprintf()
Date: Tue, 04 Feb 2014 19:02:18 +0800 [thread overview]
Message-ID: <52F0C8BA.7020709@gmail.com> (raw)
In-Reply-To: <52EF71DC.3000309@gmail.com>
On 02/03/2014 06:39 PM, Chen Gang wrote:
> On 02/03/2014 06:34 PM, Daniel P. Berrange wrote:
>> On Mon, Feb 03, 2014 at 06:00:42PM +0800, Chen Gang wrote:
>>> We can not assume "'path' + 'ctx->fs_root'" must be less than MAX_PATH,
>>> so need use snprintf() instead of sprintf().
>>>
>>> And also recommend to use ARRAY_SIZE instead of hard code macro for an
>>> array size in snprintf().
>>
>> In the event that there is overflow this will cause the data to be
>> truncated, potentially causing QEMU to access the wrong file on the
>> host. Both snprintf and sprintf are really bad because of their
>> use of fixed buffers. Better to change it to g_strdup_printf which
>> dynamically allocates buffers.
>>
After check the details, I guess we can not change to g_strdup_printf or
others (e.g. v9fs_string_*).
v9fs need use "mkdir, remove ..." which have MAX_PATH limitation. So if
the combined path is longer than MAX_PATH, before it passes to "mkdir,
remove ...", it has to be truncated just like what rpath() has done.
So for me, we have to still use snprintf() instead of sprintf(), but
really need provide the related comments under each snprintf().
>
> That sounds reasonable to me, I will send patch v2 for it.
>
>
> Thanks.
>
Thanks.
--
Chen Gang
Open, share and attitude like air, water and life which God blessed
next prev parent reply other threads:[~2014-02-04 11:02 UTC|newest]
Thread overview: 38+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-02-03 10:00 [Qemu-devel] [PATCH] hw/9pfs/virtio-9p-local.c: use snprintf() instead of sprintf() Chen Gang
2014-02-03 10:34 ` Daniel P. Berrange
2014-02-03 10:39 ` Chen Gang
2014-02-04 11:02 ` Chen Gang [this message]
2014-02-04 11:06 ` Daniel P. Berrange
2014-02-04 11:22 ` Chen Gang
2014-02-04 16:18 ` Aneesh Kumar K.V
2014-02-04 23:44 ` Chen Gang
2014-02-15 9:21 ` Chen Gang
2014-02-23 4:48 ` [Qemu-devel] [PATCH] hw/9pfs: use g_strdup_printf() instead of PATH_MAX limitation Chen Gang
2014-02-23 5:18 ` Chen Gang
2014-02-24 9:22 ` Markus Armbruster
2014-02-24 11:16 ` Gang Chen
2014-02-24 12:52 ` Markus Armbruster
2014-02-27 23:35 ` Chen Gang
2014-03-01 17:33 ` [Qemu-devel] [PATCH 0/3] hw/9pfs: fix 3 issues which related with path string Chen Gang
2014-03-01 17:34 ` [Qemu-devel] [PATCH 1/3] hw/9pfs/virtio-9p-local.c: move v9fs_string_free() to below "err_out:" Chen Gang
2014-03-01 17:35 ` [Qemu-devel] [PATCH 2/3] hw/9pfs/virtio-9p-local.c: use snprintf() instead of sprintf() Chen Gang
2014-03-01 17:36 ` [Qemu-devel] [PATCH 3/3] hw/9pfs: use g_strdup_printf() instead of PATH_MAX limitation Chen Gang
2014-03-03 8:34 ` Markus Armbruster
2014-03-03 10:51 ` Chen Gang
2014-03-03 16:22 ` Aneesh Kumar K.V
2014-03-03 19:29 ` Aneesh Kumar K.V
2014-03-04 0:27 ` Chen Gang
2014-03-03 8:34 ` [Qemu-devel] [PATCH 2/3] hw/9pfs/virtio-9p-local.c: use snprintf() instead of sprintf() Markus Armbruster
2014-03-03 10:54 ` Chen Gang
2014-03-03 14:42 ` Markus Armbruster
2014-03-04 0:38 ` Chen Gang
2014-03-03 15:33 ` Aneesh Kumar K.V
2014-03-03 15:33 ` Aneesh Kumar K.V
2014-03-03 15:29 ` [Qemu-devel] [PATCH 1/3] hw/9pfs/virtio-9p-local.c: move v9fs_string_free() to below "err_out:" Aneesh Kumar K.V
2014-03-04 0:11 ` Chen Gang
2014-03-03 17:43 ` [Qemu-devel] [PATCH 0/3] hw/9pfs: fix 3 issues which related with path string Eric Blake
2014-03-04 0:59 ` Chen Gang
2014-02-04 13:09 ` [Qemu-devel] [PATCH] hw/9pfs/virtio-9p-local.c: use snprintf() instead of sprintf() Eric Blake
2014-02-04 12:25 ` Markus Armbruster
2014-02-04 13:12 ` Eric Blake
2014-02-04 13:43 ` Chen Gang
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=52F0C8BA.7020709@gmail.com \
--to=gang.chen.5i5j@gmail.com \
--cc=aliguori@amazon.com \
--cc=aneesh.kumar@linux.vnet.ibm.com \
--cc=berrange@redhat.com \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).