* [PATCH] pci: fix overflow in printf string formatting
From: Claudio Fontana @ 2022-05-31 9:25 UTC (permalink / raw)
To: Michael S. Tsirkin
Cc: Marcel Apfelbaum, qemu-devel, Dario Faggioli, Claudio Fontana
Signed-off-by: Claudio Fontana <cfontana@suse.de>
---
hw/pci/pci.c | 18 +++++++++---------
1 file changed, 9 insertions(+), 9 deletions(-)
diff --git a/hw/pci/pci.c b/hw/pci/pci.c
index a9b37f8000..6e7015329c 100644
--- a/hw/pci/pci.c
+++ b/hw/pci/pci.c
@@ -2640,15 +2640,15 @@ static char *pci_dev_fw_name(DeviceState *dev, char *buf, int len)
static char *pcibus_get_fw_dev_path(DeviceState *dev)
{
PCIDevice *d = (PCIDevice *)dev;
- char path[50], name[33];
- int off;
-
- off = snprintf(path, sizeof(path), "%s@%x",
- pci_dev_fw_name(dev, name, sizeof name),
- PCI_SLOT(d->devfn));
- if (PCI_FUNC(d->devfn))
- snprintf(path + off, sizeof(path) + off, ",%x", PCI_FUNC(d->devfn));
- return g_strdup(path);
+ char name[33];
+ int has_func = !!PCI_FUNC(d->devfn);
+
+ return g_strdup_printf("%s@%x%s%.*x",
+ pci_dev_fw_name(dev, name, sizeof(name)),
+ PCI_SLOT(d->devfn),
+ has_func ? "," : "",
+ has_func,
+ PCI_FUNC(d->devfn));
}
static char *pcibus_get_dev_path(DeviceState *dev)
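Review bot: the commit message should name the defect, which sits in the removed line `snprintf(path + off, sizeof(path) + off, ",%x", PCI_FUNC(d->devfn));`: the size argument grows with `off`, while the space left in `path[50]` is `sizeof(path) - off`. At present the message carries only a Signed-off-by line. The removed code also used the return value of the first `snprintf` as `off` without checking for truncation, so `path + off` was not guaranteed to stay inside the buffer. Switching to `g_strdup_printf` removes both problems, and that is worth stating as the reason for allocating instead of changing one character.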
--
2.26.2
* [PATCH] pci: fix overflow in printf string formatting
From: Claudio Fontana @ 2022-05-31 9:25 UTC (permalink / raw)
To: Michael S. Tsirkin
Cc: Marcel Apfelbaum, qemu-devel, Dario Faggioli, Claudio Fontana
Signed-off-by: Claudio Fontana <cfontana@suse.de>
---
hw/pci/pci.c | 18 +++++++++---------
1 file changed, 9 insertions(+), 9 deletions(-)
diff --git a/hw/pci/pci.c b/hw/pci/pci.c
index a9b37f8000..6e7015329c 100644
--- a/hw/pci/pci.c
+++ b/hw/pci/pci.c
@@ -2640,15 +2640,15 @@ static char *pci_dev_fw_name(DeviceState *dev, char *buf, int len)
static char *pcibus_get_fw_dev_path(DeviceState *dev)
{
PCIDevice *d = (PCIDevice *)dev;
- char path[50], name[33];
- int off;
-
- off = snprintf(path, sizeof(path), "%s@%x",
- pci_dev_fw_name(dev, name, sizeof name),
- PCI_SLOT(d->devfn));
- if (PCI_FUNC(d->devfn))
- snprintf(path + off, sizeof(path) + off, ",%x", PCI_FUNC(d->devfn));
- return g_strdup(path);
+ char name[33];
+ int has_func = !!PCI_FUNC(d->devfn);
+
+ return g_strdup_printf("%s@%x%s%.*x",
+ pci_dev_fw_name(dev, name, sizeof(name)),
+ PCI_SLOT(d->devfn),
+ has_func ? "," : "",
+ has_func,
+ PCI_FUNC(d->devfn));
}
static char *pcibus_get_dev_path(DeviceState *dev)
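Review bot: the `%s%.*x` pair in the new format string relies on a precision of 0 producing no digits for a zero value, which is correct C but easy to misread; please add a comment above the `g_strdup_printf` call or split the call. As written, `has_func` serves both as the precision argument and as the selector for `","`, so a reader has to know that rule to see that function 0 yields `name@slot` and a nonzero function yields `name@slot,func`. An `if (PCI_FUNC(d->devfn))` choosing between two `g_strdup_printf` calls would keep the old control flow and avoid the trick.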
--
2.26.2
* Re: [PATCH] pci: fix overflow in printf string formatting
From: Peter Maydell @ 2022-05-31 9:47 UTC (permalink / raw)
To: Claudio Fontana
Cc: Michael S. Tsirkin, Marcel Apfelbaum, qemu-devel, Dario Faggioli
On Tue, 31 May 2022 at 10:34, Claudio Fontana <cfontana@suse.de> wrote:
>
> Signed-off-by: Claudio Fontana <cfontana@suse.de>
It would be helpful to note in the commit message how
bad the overflow is, in what situations it can happen,
and how it was detected.
thanks
-- PMM
* Re: [PATCH] pci: fix overflow in printf string formatting
From: Claudio Fontana @ 2022-05-31 9:55 UTC (permalink / raw)
To: Peter Maydell
Cc: Michael S. Tsirkin, Marcel Apfelbaum, qemu-devel, Dario Faggioli
On 5/31/22 11:47, Peter Maydell wrote:
> On Tue, 31 May 2022 at 10:34, Claudio Fontana <cfontana@suse.de> wrote:
>>
>> Signed-off-by: Claudio Fontana <cfontana@suse.de>
>
> It would be helpful to note in the commit message how
> bad the overflow is, in what situations it can happen,
> and how it was detected.
>
> thanks
> -- PMM
Hi Peter,
sorry I should have linked to this previous message by Dario:
https://lists.gnu.org/archive/html/qemu-devel/2022-05/msg05518.html
It was detected when building QEMU with FORTIFY_SOURCE=3.
Thanks,
Claudio
* Re: [PATCH] pci: fix overflow in printf string formatting
From: Claudio Fontana @ 2022-05-31 10:12 UTC (permalink / raw)
To: Peter Maydell
Cc: Michael S. Tsirkin, Marcel Apfelbaum, qemu-devel, Dario Faggioli
On 5/31/22 11:55, Claudio Fontana wrote:
> On 5/31/22 11:47, Peter Maydell wrote:
>> On Tue, 31 May 2022 at 10:34, Claudio Fontana <cfontana@suse.de> wrote:
>>>
>>> Signed-off-by: Claudio Fontana <cfontana@suse.de>
>>
>> It would be helpful to note in the commit message how
>> bad the overflow is, in what situations it can happen,
>> and how it was detected.
>>
>> thanks
>> -- PMM
>
> Hi Peter,
>
> sorry I should have linked to this previous message by Dario:
>
> https://lists.gnu.org/archive/html/qemu-devel/2022-05/msg05518.html
>
> It was detected when building QEMU with FORTIFY_SOURCE=3.
>
> Thanks,
>
> Claudio
>
>
Will resend with more explanation in the commit message btw.
* Re: [PATCH] pci: fix overflow in printf string formatting
From: Paolo Bonzini @ 2022-05-31 10:26 UTC (permalink / raw)
To: Claudio Fontana, Michael S. Tsirkin
Cc: Marcel Apfelbaum, qemu-devel, Dario Faggioli, qemu-stable
On 5/31/22 11:25, Claudio Fontana wrote:
> Signed-off-by: Claudio Fontana <cfontana@suse.de>
> ---
> hw/pci/pci.c | 18 +++++++++---------
> 1 file changed, 9 insertions(+), 9 deletions(-)
>
> diff --git a/hw/pci/pci.c b/hw/pci/pci.c
> index a9b37f8000..6e7015329c 100644
> --- a/hw/pci/pci.c
> +++ b/hw/pci/pci.c
> @@ -2640,15 +2640,15 @@ static char *pci_dev_fw_name(DeviceState *dev, char *buf, int len)
> static char *pcibus_get_fw_dev_path(DeviceState *dev)
> {
> PCIDevice *d = (PCIDevice *)dev;
> - char path[50], name[33];
> - int off;
> -
> - off = snprintf(path, sizeof(path), "%s@%x",
> - pci_dev_fw_name(dev, name, sizeof name),
> - PCI_SLOT(d->devfn));
> - if (PCI_FUNC(d->devfn))
> - snprintf(path + off, sizeof(path) + off, ",%x", PCI_FUNC(d->devfn));
> - return g_strdup(path);
> + char name[33];
> + int has_func = !!PCI_FUNC(d->devfn);
> +
> + return g_strdup_printf("%s@%x%s%.*x",
> + pci_dev_fw_name(dev, name, sizeof(name)),
> + PCI_SLOT(d->devfn),
> + has_func ? "," : "",
> + has_func,
> + PCI_FUNC(d->devfn));
> }
>
> static char *pcibus_get_dev_path(DeviceState *dev)
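Review bot: for a stable backport the commit message needs to say whether the old overflow is reachable, and the sizes in the removed lines give a starting point: `name[33]` caps the `%s` part at 32 characters, so the first `snprintf` into `path[50]` leaves room unless the slot and function digits are unexpectedly long. If that holds, the defect is the wrong bound (`sizeof(path) + off`) passed to the second call, not an actual out-of-bounds write, and saying so tells stable maintainers how urgent the pick is. The remaining `name[33]` buffer still depends on `pci_dev_fw_name()` honouring its `len` argument, which is worth confirming in the same message.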
Cc: qemu-stable@nongnu.org