Re: [Qemu-devel] [PATCH v3 2/6] block: vmdk - move string allocations from stack to the heap

qemu-devel.nongnu.org archive mirror
 help / color / mirror / Atom feed

From: Paolo Bonzini <pbonzini@redhat.com>
To: Jeff Cody <jcody@redhat.com>, qemu-devel@nongnu.org
Cc: kwolf@redhat.com, famz@redhat.com, jsnow@redhat.com, stefanha@redhat.com
Subject: Re: [Qemu-devel] [PATCH v3 2/6] block: vmdk - move string allocations from stack to the heap
Date: Tue, 10 Feb 2015 18:55:17 +0100	[thread overview]
Message-ID: <54DA4605.9030808@redhat.com> (raw)
In-Reply-To: <ee29e87277dc819c2f9832d8a7484e43e7177c74.1421931293.git.jcody@redhat.com>



On 22/01/2015 14:03, Jeff Cody wrote:
> Functions 'vmdk_parse_extents' and 'vmdk_create' allocate several
> PATH_MAX sized arrays on the stack.  Make these dynamically allocated.
> 
> Signed-off-by: Jeff Cody <jcody@redhat.com>
> ---
>  block/vmdk.c | 39 +++++++++++++++++++++++----------------
>  1 file changed, 23 insertions(+), 16 deletions(-)
> 
> diff --git a/block/vmdk.c b/block/vmdk.c
> index dc6459c..7d079ad 100644
> --- a/block/vmdk.c
> +++ b/block/vmdk.c
> @@ -792,12 +792,11 @@ static int vmdk_parse_extents(const char *desc, BlockDriverState *bs,
>      const char *p = desc;
>      int64_t sectors = 0;
>      int64_t flat_offset;
> -    char extent_path[PATH_MAX];
> +    char *extent_path;
>      BlockDriverState *extent_file;
>      BDRVVmdkState *s = bs->opaque;
>      VmdkExtent *extent;
>  
> -
>      while (*p) {
>          /* parse extent line in one of below formats:
>           *
> @@ -843,11 +842,13 @@ static int vmdk_parse_extents(const char *desc, BlockDriverState *bs,
>              return -EINVAL;
>          }
>  
> +        extent_path = g_malloc0(PATH_MAX);
>          path_combine(extent_path, sizeof(extent_path),

Oops, sizeof(extent_path) changed from PATH_MAX to sizeof(char*).
Coverity found this instance, I didn't check for others.

Paolo

>                  desc_file_path, fname);
>          extent_file = NULL;
>          ret = bdrv_open(&extent_file, extent_path, NULL, NULL,
>                          bs->open_flags | BDRV_O_PROTOCOL, NULL, errp);
> +        g_free(extent_path);
>          if (ret) {
>              return ret;
>          }
> @@ -1797,10 +1798,15 @@ static int vmdk_create(const char *filename, QemuOpts *opts, Error **errp)
>      int ret = 0;
>      bool flat, split, compress;
>      GString *ext_desc_lines;
> -    char path[PATH_MAX], prefix[PATH_MAX], postfix[PATH_MAX];
> +    char *path = g_malloc0(PATH_MAX);
> +    char *prefix = g_malloc0(PATH_MAX);
> +    char *postfix = g_malloc0(PATH_MAX);
> +    char *desc_line = g_malloc0(BUF_SIZE);
> +    char *ext_filename = g_malloc0(PATH_MAX);
> +    char *desc_filename = g_malloc0(PATH_MAX);
>      const int64_t split_size = 0x80000000;  /* VMDK has constant split size */
>      const char *desc_extent_line;
> -    char parent_desc_line[BUF_SIZE] = "";
> +    char *parent_desc_line = g_malloc0(BUF_SIZE);
>      uint32_t parent_cid = 0xffffffff;
>      uint32_t number_heads = 16;
>      bool zeroed_grain = false;
> @@ -1916,33 +1922,27 @@ static int vmdk_create(const char *filename, QemuOpts *opts, Error **errp)
>          }
>          parent_cid = vmdk_read_cid(bs, 0);
>          bdrv_unref(bs);
> -        snprintf(parent_desc_line, sizeof(parent_desc_line),
> +        snprintf(parent_desc_line, BUF_SIZE,
>                  "parentFileNameHint=\"%s\"", backing_file);
>      }
>  
>      /* Create extents */
>      filesize = total_size;
>      while (filesize > 0) {
> -        char desc_line[BUF_SIZE];
> -        char ext_filename[PATH_MAX];
> -        char desc_filename[PATH_MAX];
>          int64_t size = filesize;
>  
>          if (split && size > split_size) {
>              size = split_size;
>          }
>          if (split) {
> -            snprintf(desc_filename, sizeof(desc_filename), "%s-%c%03d%s",
> +            snprintf(desc_filename, PATH_MAX, "%s-%c%03d%s",
>                      prefix, flat ? 'f' : 's', ++idx, postfix);
>          } else if (flat) {
> -            snprintf(desc_filename, sizeof(desc_filename), "%s-flat%s",
> -                    prefix, postfix);
> +            snprintf(desc_filename, PATH_MAX, "%s-flat%s", prefix, postfix);
>          } else {
> -            snprintf(desc_filename, sizeof(desc_filename), "%s%s",
> -                    prefix, postfix);
> +            snprintf(desc_filename, PATH_MAX, "%s%s", prefix, postfix);
>          }
> -        snprintf(ext_filename, sizeof(ext_filename), "%s%s",
> -                path, desc_filename);
> +        snprintf(ext_filename, PATH_MAX, "%s%s", path, desc_filename);
>  
>          if (vmdk_create_extent(ext_filename, size,
>                                 flat, compress, zeroed_grain, opts, errp)) {
> @@ -1952,7 +1952,7 @@ static int vmdk_create(const char *filename, QemuOpts *opts, Error **errp)
>          filesize -= size;
>  
>          /* Format description line */
> -        snprintf(desc_line, sizeof(desc_line),
> +        snprintf(desc_line, BUF_SIZE,
>                      desc_extent_line, size / BDRV_SECTOR_SIZE, desc_filename);
>          g_string_append(ext_desc_lines, desc_line);
>      }
> @@ -2007,6 +2007,13 @@ exit:
>      g_free(backing_file);
>      g_free(fmt);
>      g_free(desc);
> +    g_free(path);
> +    g_free(prefix);
> +    g_free(postfix);
> +    g_free(desc_line);
> +    g_free(ext_filename);
> +    g_free(desc_filename);
> +    g_free(parent_desc_line);
>      g_string_free(ext_desc_lines, true);
>      return ret;
>  }
>

next prev parent reply	other threads:[~2015-02-10 17:55 UTC|newest]

Thread overview: 9+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2015-01-22 13:03 [Qemu-devel] [PATCH v3 0/6] Update filename string sizes in block layer Jeff Cody
2015-01-22 13:03 ` [Qemu-devel] [PATCH v3 1/6] block: vmdk - make ret variable usage clear Jeff Cody
2015-01-22 13:03 ` [Qemu-devel] [PATCH v3 2/6] block: vmdk - move string allocations from stack to the heap Jeff Cody
2015-02-10 17:55   ` Paolo Bonzini [this message]
2015-01-22 13:03 ` [Qemu-devel] [PATCH v3 3/6] block: qapi - move string allocation " Jeff Cody
2015-01-22 13:03 ` [Qemu-devel] [PATCH v3 4/6] block: remove unused variable in bdrv_commit Jeff Cody
2015-01-22 13:03 ` [Qemu-devel] [PATCH v3 5/6] block: mirror - change string allocation to 2-bytes Jeff Cody
2015-01-22 13:03 ` [Qemu-devel] [PATCH v3 6/6] block: update string sizes for filename, backing_file, exact_filename Jeff Cody
2015-01-23 13:36 ` [Qemu-devel] [PATCH v3 0/6] Update filename string sizes in block layer Kevin Wolf

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=54DA4605.9030808@redhat.com \
    --to=pbonzini@redhat.com \
    --cc=famz@redhat.com \
    --cc=jcody@redhat.com \
    --cc=jsnow@redhat.com \
    --cc=kwolf@redhat.com \
    --cc=qemu-devel@nongnu.org \
    --cc=stefanha@redhat.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).