Re: [Qemu-devel] [PATCH] Do not use slow [*] expansion for GPIO creation

[Pavel Fedin]

 Hello!

> > +    l = strlen(name);
> > +    propname = g_malloc(l + 13); /* 10 characters for UINT_MAX plus "[]" */
> > +    memcpy(propname, name, l);
> 
> Please don't do manual string length calculations in combination with
> unbounded sprintf calls. It is a recipe for future security bugs.

[skip]

> >      for (i = gpio_list->num_in; i < gpio_list->num_in + n; i++) {
> > +        g_sprintf(&propname[l], "[%u]", i);
> 
> Replace this with
> 
>     gchar *propname = g_strdup_printf("%s[%u]", name, i)
> 
> >          object_property_add_child(OBJECT(dev), propname,
> >                                    OBJECT(gpio_list->in[i]), &error_abort);
> 
>     g_free(propname);

 IMHO it's not really good because of repeating allocation-free. This is not 
VERY slow, but still slower than it could be (imagine that this repeats ~1000 
times).
 I have a better idea instead. What if instead:

propname = g_malloc(l + 13); /* 10 characters for UINT_MAX plus "[]" */

 i do:

propname = g_strdup_printf("%s[%u]", name, -1)

 ? This will automatically give me a buffer to fit in the largest possible 
integer.

Kind regards,
Pavel Fedin
Expert Engineer
Samsung Electronics Research center Russia