qemu-devel

Re: [Qemu-devel] [PATCH 5/8] usb: fix unbounded stack for inotify_watchf


From: Peter Maydell
Subject: Re: [Qemu-devel] [PATCH 5/8] usb: fix unbounded stack for inotify_watchfn
Date: Tue, 8 Mar 2016 14:20:47 +0700

On 8 March 2016 at 14:00, Peter Xu <address@hidden> wrote:
> Suggested-by: Paolo Bonzini <address@hidden>
> CC: Gerd Hoffmann <address@hidden>
> Signed-off-by: Peter Xu <address@hidden>
> ---
>  hw/usb/dev-mtp.c | 7 ++++---
>  1 file changed, 4 insertions(+), 3 deletions(-)
>
> diff --git a/hw/usb/dev-mtp.c b/hw/usb/dev-mtp.c
> index 7391783..e6dae2f 100644
> --- a/hw/usb/dev-mtp.c
> +++ b/hw/usb/dev-mtp.c
> @@ -432,13 +432,13 @@ static void inotify_watchfn(void *arg)
>  {
>      MTPState *s = arg;
>      ssize_t bytes;
> +#define __BUF_LEN (sizeof(struct inotify_event) + NAME_MAX + 1)
>      /* From the man page: atleast one event can be read */
> -    int len = sizeof(struct inotify_event) + NAME_MAX + 1;
>      int pos;
> -    char buf[len];
> +    char buf[__BUF_LEN];
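
Review bot: the macro name `__BUF_LEN` on the added `#define` line starts with a double underscore, which C reserves for the implementation, and the define sits inside `inotify_watchfn()` with no `#undef` in the visible lines, so it stays in effect for the rest of the file. A plain name such as `BUF_LEN` at file scope, or a function-local `enum { BUF_LEN = ... }`, would avoid both problems. The define also lands between `ssize_t bytes;` and the "From the man page" comment that used to explain the size expression; moving that comment above the define keeps the two together. Since `int len` is removed, any later use of `len` in the function has to switch to the new constant, and the quoted hunk stops at `char buf[__BUF_LEN];`, so that cannot be confirmed from these lines.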

The commit message subject says this is fixing an unbounded
stack usage, but (a) this array wasn't unbounded in size
(b) the change doesn't change the size we allocate.
What are you trying to do here?

thanks
-- PMM
