From: Eric Blake
Message-ID: <56F06071.6080306@redhat.com>
Date: Mon, 21 Mar 2016 14:58:25 -0600
Subject: Re: [Qemu-devel] [PATCH] qdict: fix unbounded stack for qdict_array_entries
To: Peter Xu, qemu-devel@nongnu.org
Cc: Kevin Wolf, pbonzini@redhat.com, Markus Armbruster

On 03/09/2016 06:36 PM, Peter Xu wrote:
> Sorry for forgetting to CC Eric/Markus/Kevin.
>
> This patch title is not correct, which should be:
>
> "Fix unbounded stack warning for qdict_array_entries"

Keep the 'qdict:' prefix, but yes, adding "warning" helps the commit
message.

>
> Do I need to re-send with the same content?

For just the title adjustment, it's up to the maintainer. Often, a
maintainer will make small changes like that before sending a pull request.

>
> I'm using g_strdup_printf() here, considering it's most convenient,
> safe, and as long as it's called rarely only when quorum device
> opens.

On the other hand, this information might have been useful...

>
> Thanks.
> Peter
>
> On Wed, Mar 09, 2016 at 02:03:38PM +0800, Peter Xu wrote:
>> Signed-off-by: Peter Xu

...in the commit body proper (explaining why you are always allocating,
because it is not a hot path). So a v2 might indeed be easier.

>> +++ b/qobject/qdict.c
>> @@ -704,19 +704,16 @@ int qdict_array_entries(QDict *src, const char *subqdict)
>>      for (i = 0; i < INT_MAX; i++) {
>>          QObject *subqobj;
>>          int subqdict_entries;
>> -        size_t slen = 32 + subqdict_len;
>> -        char indexstr[slen], prefix[slen];
>> -        size_t snprintf_ret;
>> +        char *prefix = g_strdup_printf("%s%u.", subqdict, i);

If we were worried that this could be a hot path, you could add a %n
and &len here...

>>  
>> -        snprintf_ret = snprintf(indexstr, slen, "%s%u", subqdict, i);
>> -        assert(snprintf_ret < slen);
>> +        subqdict_entries = qdict_count_prefixed_entries(src, prefix);
>>  
>> -        subqobj = qdict_get(src, indexstr);
>> +        /* Remove ending "." */
>> +        prefix[strlen(prefix) - 1] = 0x00;

...to avoid the strlen() call here. But this is not a hot path, and %n
always makes me worry about security, so I'm fine with your approach.

However, 0x00 is a rather verbose way of writing 0 (and even if you want
verbosity, '\0' is more idiomatic than 0x00).

At this point, if you send a v2 with s/0x00/0/ and the improved commit
message, you can also include:

Reviewed-by: Eric Blake

-- 
Eric Blake   eblake redhat com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org
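Review bot: prefix is now heap-allocated on every iteration of the for loop, and the visible part of the hunk shows no g_free(prefix); every exit from the loop body (the fall-through to the next iteration, and any break or early return in the lines this hunk does not show) needs to release it, otherwise qdict_array_entries() leaks one string per index it examines. Separately, removing `size_t slen = 32 + subqdict_len;` drops the only use of subqdict_len that is visible here; if its definition above the hunk has no remaining use, it becomes an unused variable and should be removed in the same patch so the fix does not trade one compiler warning for another.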
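The pattern under review, written out as a stand-alone added example (my code, not QEMU's): size the index prefix from the actual arguments with a two-pass snprintf instead of a variable-length stack array, strip the trailing "." to reuse the buffer as the scalar key, and free on every path out of the loop. The key table, the count_prefixed() stand-in for qdict_count_prefixed_entries(), and the "subtree or scalar entry" rule used to decide when the array ends are my assumptions for the example; only the prefix construction and the trailing-dot trick come from the hunk.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Portable equivalent of g_strdup_printf("%s%u.", subqdict, i): the first
 * snprintf measures, the second fills. No "32 + strlen" guess and no VLA,
 * so the stack usage does not depend on caller-controlled input. */
static char *make_index_prefix(const char *subqdict, unsigned i)
{
    int n = snprintf(NULL, 0, "%s%u.", subqdict, i);
    if (n < 0) {
        return NULL;
    }
    char *prefix = malloc((size_t)n + 1);
    if (!prefix) {
        return NULL;
    }
    snprintf(prefix, (size_t)n + 1, "%s%u.", subqdict, i);
    return prefix;
}

/* Stand-in for qdict_count_prefixed_entries(): keys starting with prefix. */
static int count_prefixed(const char *const *keys, size_t nkeys,
                          const char *prefix)
{
    size_t plen = strlen(prefix);
    int count = 0;
    for (size_t k = 0; k < nkeys; k++) {
        if (strncmp(keys[k], prefix, plen) == 0) {
            count++;
        }
    }
    return count;
}

/* Stand-in for qdict_get(): does an exact key exist? */
static int has_key(const char *const *keys, size_t nkeys, const char *key)
{
    for (size_t k = 0; k < nkeys; k++) {
        if (strcmp(keys[k], key) == 0) {
            return 1;
        }
    }
    return 0;
}

/* Count consecutive indices i for which "<subqdict><i>." has children or
 * "<subqdict><i>" exists as a scalar (assumed rule). One allocation per
 * iteration, released on every path, mirroring what the patch must do. */
static int array_entries(const char *const *keys, size_t nkeys,
                         const char *subqdict)
{
    for (unsigned i = 0; i < 1024; i++) {   /* cap is arbitrary here */
        char *prefix = make_index_prefix(subqdict, i);
        if (!prefix) {
            return -1;
        }
        int entries = count_prefixed(keys, nkeys, prefix);
        prefix[strlen(prefix) - 1] = '\0';  /* remove ending "." */
        int scalar = has_key(keys, nkeys, prefix);
        free(prefix);                       /* the only way out of the body */
        if (entries == 0 && !scalar) {
            return (int)i;
        }
    }
    return -1;
}

/* Constructed sample keys: index 0 is a subtree, 1 a scalar, 2 a subtree. */
static const char *const sample_keys[] = {
    "children.0.driver", "children.0.file", "children.1",
    "children.2.driver", "other",
};

int demo_count(const char *subqdict)
{
    return array_entries(sample_keys,
                         sizeof(sample_keys) / sizeof(sample_keys[0]),
                         subqdict);
}

int main(void)
{
    printf("children.: %d entries\n", demo_count("children."));  /* 3 */
    printf("missing.: %d entries\n", demo_count("missing."));    /* 0 */
    return 0;
}
```

With the sample keys, "children." yields 3 entries (indices 0, 1 and 2) and a prefix with no matching keys yields 0; a failed allocation returns -1 without leaking the buffers already freed in earlier iterations.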