Re: [Qemu-devel] [PATCH] linux-user: Support setgroups syscall with no g


From: Peter Maydell
Subject: Re: [Qemu-devel] [PATCH] linux-user: Support setgroups syscall with no groups
Date: Mon, 4 Feb 2013 21:07:06 +0000

On 4 February 2013 18:38, Eric Blake <address@hidden> wrote:
> On 02/02/2013 04:04 PM, address@hidden wrote:
>> -
>> -            grouplist = alloca(gidsetsize * sizeof(gid_t));
>> -            target_grouplist = lock_user(VERIFY_READ, arg2, gidsetsize * 2, 
>> 1);
>> -            if (!target_grouplist) {
>> -                ret = -TARGET_EFAULT;
>> -                goto fail;
>> +            if (gidsetsize) {
>> +                grouplist = alloca(gidsetsize * sizeof(gid_t));
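
Review bot: The added `alloca(gidsetsize * sizeof(gid_t))` is guarded only by `if (gidsetsize)`, so a very large count from the caller still sizes a stack allocation with no upper bound and no failure path. Consider rejecting counts above NGROUPS_MAX with -TARGET_EINVAL before allocating, or switching to a heap allocation whose failure can be checked, so an oversized request fails cleanly instead of running off the stack.
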
>
> Is this alloca() safe, or are you risking stack overflow if the user
> passes an extremely large arg1?

No, the linux-user has a number of long-standing not-terribly-safe
alloca calls like this. If anybody wants to go through and fix them,
patches are welcome, but I don't think it's fair to require them
to be fixed in order to get fairly simple patches like this in,
where the patch is merely reindenting existing dubious code, not
adding to the problem.

-- PMM


