[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] [PATCH 1/8] qdict: fix unbounded stack for qdict_array_
|
From: |
Markus Armbruster |
|
Subject: |
Re: [Qemu-devel] [PATCH 1/8] qdict: fix unbounded stack for qdict_array_entries |
|
Date: |
Tue, 08 Mar 2016 09:22:04 +0100 |
|
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/24.5 (gnu/linux) |
Cc: Kevin, because he added the array in question.
Peter Xu <address@hidden> writes:
> Suggested-by: Paolo Bonzini <address@hidden>
> CC: Luiz Capitulino <address@hidden>
> Signed-off-by: Peter Xu <address@hidden>
> ---
> qobject/qdict.c | 15 +++++++++------
> 1 file changed, 9 insertions(+), 6 deletions(-)
>
> diff --git a/qobject/qdict.c b/qobject/qdict.c
> index 9833bd0..eb602a7 100644
> --- a/qobject/qdict.c
> +++ b/qobject/qdict.c
> @@ -704,17 +704,19 @@ int qdict_array_entries(QDict *src, const char
> *subqdict)
> for (i = 0; i < INT_MAX; i++) {
> QObject *subqobj;
> int subqdict_entries;
> - size_t slen = 32 + subqdict_len;
> - char indexstr[slen], prefix[slen];
> +#define __SLEN_MAX (128)
> + char indexstr[__SLEN_MAX], prefix[__SLEN_MAX];
> size_t snprintf_ret;
>
> - snprintf_ret = snprintf(indexstr, slen, "%s%u", subqdict, i);
> - assert(snprintf_ret < slen);
> + assert(__SLEN_MAX >= 32 + subqdict_len);
> +
> + snprintf_ret = snprintf(indexstr, __SLEN_MAX, "%s%u", subqdict, i);
> + assert(snprintf_ret < __SLEN_MAX);
>
> subqobj = qdict_get(src, indexstr);
>
> - snprintf_ret = snprintf(prefix, slen, "%s%u.", subqdict, i);
> - assert(snprintf_ret < slen);
> + snprintf_ret = snprintf(prefix, __SLEN_MAX, "%s%u.", subqdict, i);
> + assert(snprintf_ret < __SLEN_MAX);
>
> subqdict_entries = qdict_count_prefixed_entries(src, prefix);
> if (subqdict_entries < 0) {
> @@ -745,6 +747,7 @@ int qdict_array_entries(QDict *src, const char *subqdict)
> }
>
> return i;
> +#undef __SLEN_MAX
> }
>
> /**
Same arguments as for PATCH 2, except here an argument on the maximum
length of subqdict would probably be easier.
Unrelated to your patch: I think we've pushed QDict use father than
sensible. Encoding multiple keys in a string so you can use a flat
associative array as your catch-all data structure is appropriate in
AWK, but in C? Not so much...
- [Qemu-devel] [PATCH 0/8] Fix several unbounded stack usage, Peter Xu, 2016/03/08
- [Qemu-devel] [PATCH 1/8] qdict: fix unbounded stack for qdict_array_entries, Peter Xu, 2016/03/08
- Re: [Qemu-devel] [PATCH 1/8] qdict: fix unbounded stack for qdict_array_entries,
Markus Armbruster <=
- Re: [Qemu-devel] [PATCH 1/8] qdict: fix unbounded stack for qdict_array_entries, Peter Xu, 2016/03/08
- Re: [Qemu-devel] [PATCH 1/8] qdict: fix unbounded stack for qdict_array_entries, Eric Blake, 2016/03/08
- Re: [Qemu-devel] [PATCH 1/8] qdict: fix unbounded stack for qdict_array_entries, Peter Xu, 2016/03/08
- Re: [Qemu-devel] [PATCH 1/8] qdict: fix unbounded stack for qdict_array_entries, Kevin Wolf, 2016/03/09
- Re: [Qemu-devel] [PATCH 1/8] qdict: fix unbounded stack for qdict_array_entries, Markus Armbruster, 2016/03/09
- Re: [Qemu-devel] [PATCH 1/8] qdict: fix unbounded stack for qdict_array_entries, Kevin Wolf, 2016/03/09