
Re: [Qemu-devel] [PATCH 4/4] vvfat: initialize memory after allocating it


From: Hervé Poussineau
Subject: Re: [Qemu-devel] [PATCH 4/4] vvfat: initialize memory after allocating it
Date: Sun, 16 Jul 2017 07:39:45 +0200
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.8.0

On 16/07/2017 at 00:24, Philippe Mathieu-Daudé wrote:
Hi Hervé,

On 07/15/2017 10:28 AM, Hervé Poussineau wrote:
This prevents some host to guest memory content leaks.

Fixes: https://bugs.launchpad.net/qemu/+bug/1599539

Signed-off-by: Hervé Poussineau <address@hidden>
---
  block/vvfat.c | 1 +
  1 file changed, 1 insertion(+)

diff --git a/block/vvfat.c b/block/vvfat.c
index afc6170a69..7340decef3 100644
--- a/block/vvfat.c
+++ b/block/vvfat.c
@@ -115,6 +115,7 @@ static inline int array_ensure_allocated(array_t* array, 
int index)
          array->pointer = g_realloc(array->pointer, new_size);
          if (!array->pointer)
              return -1;

Isn't it safer:

if (likely(new_size > array->size)) {

Not really, because the code is:
    if((index + 1) * array->item_size > array->size) {
        int new_size = (index + 32) * array->item_size;
        array->pointer = g_realloc(array->pointer, new_size);
        if (!array->pointer)
            return -1;
        array->size = new_size;
        array->next = index + 1;
    }

array->size is the size (in bytes) of the previous array.
new_size is (index + 32) * item_size.
And, due to the "if", we know that (index + 1) * item_size > array->size.
So, new_size > array->size.


+        memset(array->pointer + array->size, 0, new_size - array->size);

}

?

          array->size = new_size;
          array->next = index + 1;
      }
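Review bot: the memset range in this hunk is correct as written and the extra `likely(new_size > array->size)` guard proposed above would be redundant: the enclosing condition `(index + 1) * array->item_size > array->size` together with `new_size = (index + 32) * array->item_size` already guarantees `new_size > array->size`, so `new_size - array->size` is positive and the memset clears exactly the bytes that g_realloc added, before `array->size = new_size` commits the new length. Placing the memset after the `if (!array->pointer) return -1;` check is also the right order. One suggestion for readability: add a one-line comment above the memset stating that g_realloc does not zero the grown tail and that this array's contents are exposed to the guest (the leak the linked bug describes), so the next reader does not have to reconstruct why the memset is there.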


Regards,

Phil.
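To make the exchange above concrete, here is an added example written for this page; it is not QEMU's code and not something anyone in the thread posted. It builds a growable array in the style of vvfat.c's array_t, assuming plain realloc() in place of g_realloc() so it compiles without GLib, and applies the patch's tail-zeroing memset. The demo fills the first allocation with a constructed marker byte, grows the array, and checks that the existing content survives while the newly added bytes are all zero (which they would not be guaranteed to be without the memset, since realloc leaves the grown region uninitialized).

```c
/* Added example, not QEMU code: array_t-style growable array with the
 * tail-zeroing memset from the vvfat patch, using realloc() instead of
 * g_realloc() (assumption made so the example has no GLib dependency). */
#include <stdlib.h>
#include <string.h>
#include <stdio.h>

typedef struct {
    char *pointer;
    unsigned int size;      /* allocated size in bytes */
    unsigned int next;      /* number of items in use */
    unsigned int item_size; /* bytes per item */
} array_t;

static void array_init(array_t *array, unsigned int item_size)
{
    array->pointer = NULL;
    array->size = 0;
    array->next = 0;
    array->item_size = item_size;
}

/* Same shape as the patched function: grow so that `index` fits and zero
 * only the bytes realloc() added, i.e. the range [old size, new_size). */
static int array_ensure_allocated(array_t *array, int index)
{
    if ((index + 1) * array->item_size > array->size) {
        int new_size = (index + 32) * array->item_size;
        char *p = realloc(array->pointer, new_size);
        if (!p)
            return -1;
        array->pointer = p;
        /* The guard above guarantees new_size > array->size, so the length
         * is positive and exactly the uninitialized tail is cleared. */
        memset(array->pointer + array->size, 0, new_size - array->size);
        array->size = new_size;
        array->next = index + 1;
    }
    return 0;
}

/* Returns 1 if every byte in [from, to) is zero. */
static int range_is_zero(const array_t *array, unsigned int from, unsigned int to)
{
    for (unsigned int i = from; i < to; i++)
        if (array->pointer[i] != 0)
            return 0;
    return 1;
}

/* Demo: allocate for first_index, fill with a constructed marker (0xAB),
 * grow for second_index, then verify the marker is intact and the grown
 * tail is zero. Returns the final size in bytes, or -1 on any failure. */
static int demo_grow(unsigned int item_size, int first_index, int second_index)
{
    array_t array;
    array_init(&array, item_size);
    if (array_ensure_allocated(&array, first_index) < 0)
        return -1;
    unsigned int old_size = array.size;
    memset(array.pointer, 0xAB, old_size);   /* stand-in for real content */

    if (array_ensure_allocated(&array, second_index) < 0) {
        free(array.pointer);
        return -1;
    }
    int ok = 1;
    for (unsigned int i = 0; i < old_size; i++)
        ok &= ((unsigned char)array.pointer[i] == 0xAB);
    ok &= range_is_zero(&array, old_size, array.size);

    int result = ok ? (int)array.size : -1;
    free(array.pointer);
    return result;
}

int main(void)
{
    /* item_size 4: index 0 -> 32 items = 128 bytes; index 40 -> 72 items = 288 bytes */
    printf("grow 0 -> 40 (item_size 4): final size %d\n", demo_grow(4, 0, 40));
    /* index 10 still fits in the first allocation, so no growth: stays 128 */
    printf("grow 0 -> 10 (item_size 4): final size %d\n", demo_grow(4, 0, 10));
    return 0;
}
```

The sizes follow the arithmetic Hervé gives above: growing to index 40 with a 4-byte item yields (40 + 32) * 4 = 288 bytes, and the memset covers bytes 128 through 287.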
