qemu-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Qemu-devel] [PATCH 5/8] usb: fix unbounded stack for inotify_watchfn

From: Peter Xu
Subject: [Qemu-devel] [PATCH 5/8] usb: fix unbounded stack for inotify_watchfn
Date: Tue, 8 Mar 2016 15:00:43 +0800 
Suggested-by: Paolo Bonzini <address@hidden>
CC: Gerd Hoffmann <address@hidden>
Signed-off-by: Peter Xu <address@hidden>
---
 hw/usb/dev-mtp.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/hw/usb/dev-mtp.c b/hw/usb/dev-mtp.c
index 7391783..e6dae2f 100644
--- a/hw/usb/dev-mtp.c
+++ b/hw/usb/dev-mtp.c
@@ -432,13 +432,13 @@ static void inotify_watchfn(void *arg)
 {
     MTPState *s = arg;
     ssize_t bytes;
+#define __BUF_LEN (sizeof(struct inotify_event) + NAME_MAX + 1)
     /* From the man page: atleast one event can be read */
-    int len = sizeof(struct inotify_event) + NAME_MAX + 1;
     int pos;
-    char buf[len];
+    char buf[__BUF_LEN];
 
     for (;;) {
-        bytes = read(s->inotifyfd, buf, len);
+        bytes = read(s->inotifyfd, buf, __BUF_LEN);
         pos = 0;
 
         if (bytes <= 0) {
@@ -534,6 +534,7 @@ static void inotify_watchfn(void *arg)
             }
         }
     }
+#undef __BUF_LEN
 }
 
 static int usb_mtp_inotify_init(MTPState *s)
-- 
2.4.3
reply via email to
[Prev in Thread] Current Thread [Next in Thread]