[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] [for-2.11 PATCH 04/26] spapr_drc: use g_strdup_printf()
|
From: |
David Gibson |
|
Subject: |
Re: [Qemu-devel] [for-2.11 PATCH 04/26] spapr_drc: use g_strdup_printf() instead of snprintf() |
|
Date: |
Wed, 26 Jul 2017 13:58:38 +1000 |
|
User-agent: |
Mutt/1.8.3 (2017-05-23) |
On Tue, Jul 25, 2017 at 07:58:53PM +0200, Greg Kurz wrote:
> Passing a stack allocated buffer of arbitrary length to snprintf()
> without checking the return value can cause the resultant strings
> to be silently truncated.
>
> Signed-off-by: Greg Kurz <address@hidden>
Applied to ppc-for-2.11.
> ---
> hw/ppc/spapr_drc.c | 15 +++++++++------
> 1 file changed, 9 insertions(+), 6 deletions(-)
>
> diff --git a/hw/ppc/spapr_drc.c b/hw/ppc/spapr_drc.c
> index 15bae5c216a9..e4e8383ec7b5 100644
> --- a/hw/ppc/spapr_drc.c
> +++ b/hw/ppc/spapr_drc.c
> @@ -488,7 +488,7 @@ static void realize(DeviceState *d, Error **errp)
> {
> sPAPRDRConnector *drc = SPAPR_DR_CONNECTOR(d);
> Object *root_container;
> - char link_name[256];
> + gchar *link_name;
> gchar *child_name;
> Error *err = NULL;
>
> @@ -501,11 +501,12 @@ static void realize(DeviceState *d, Error **errp)
> * existing in the composition tree
> */
> root_container = container_get(object_get_root(), DRC_CONTAINER_PATH);
> - snprintf(link_name, sizeof(link_name), "%x", spapr_drc_index(drc));
> + link_name = g_strdup_printf("%x", spapr_drc_index(drc));
> child_name = object_get_canonical_path_component(OBJECT(drc));
> trace_spapr_drc_realize_child(spapr_drc_index(drc), child_name);
> object_property_add_alias(root_container, link_name,
> drc->owner, child_name, &err);
> + g_free(link_name);
> if (err) {
> error_report_err(err);
> object_unref(OBJECT(drc));
> @@ -521,13 +522,14 @@ static void unrealize(DeviceState *d, Error **errp)
> {
> sPAPRDRConnector *drc = SPAPR_DR_CONNECTOR(d);
> Object *root_container;
> - char name[256];
> + gchar *name;
> Error *err = NULL;
>
> trace_spapr_drc_unrealize(spapr_drc_index(drc));
> root_container = container_get(object_get_root(), DRC_CONTAINER_PATH);
> - snprintf(name, sizeof(name), "%x", spapr_drc_index(drc));
> + name = g_strdup_printf("%x", spapr_drc_index(drc));
> object_property_del(root_container, name, &err);
> + g_free(name);
> if (err) {
> error_report_err(err);
> object_unref(OBJECT(drc));
> @@ -729,10 +731,11 @@ static const TypeInfo spapr_drc_lmb_info = {
> sPAPRDRConnector *spapr_drc_by_index(uint32_t index)
> {
> Object *obj;
> - char name[256];
> + gchar *name;
>
> - snprintf(name, sizeof(name), "%s/%x", DRC_CONTAINER_PATH, index);
> + name = g_strdup_printf("%s/%x", DRC_CONTAINER_PATH, index);
> obj = object_resolve_path(name, NULL);
> + g_free(name);
>
> return !obj ? NULL : SPAPR_DR_CONNECTOR(obj);
> }
>
--
David Gibson | I'll have my music baroque, and my code
david AT gibson.dropbear.id.au | minimalist, thank you. NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson
signature.asc
Description: PGP signature
- Re: [Qemu-devel] [for-2.11 PATCH 01/26] spapr: move spapr_create_phb() to core machine code, (continued)
[Qemu-devel] [for-2.11 PATCH 05/26] spapr_iommu: convert TCE table object to realize(), Greg Kurz, 2017/07/25
[Qemu-devel] [for-2.11 PATCH 06/26] spapr_pci: parent the MSI memory region to the PHB, Greg Kurz, 2017/07/25