qemu-devel
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Qemu-devel] [RFC PATCH 1/6] utils/python_api: add scripting interfa


From: Stefan Hajnoczi
Subject: Re: [Qemu-devel] [RFC PATCH 1/6] utils/python_api: add scripting interface for Qemu with python lib
Date: Thu, 8 Aug 2019 11:09:03 +0100
User-agent: Mutt/1.12.0 (2019-05-25)

On Wed, Aug 07, 2019 at 12:44:40PM +0530, Balamuruhan S wrote:
> +void python_args_init_cast_int(char *args[], int arg, int pos)
> +{
> +    args[pos]= malloc(sizeof(int));
> +    sprintf(args[pos], "%d", arg);
> +}

This is broken.  args[pos] is a (possibly NULL) pointer to 4 bytes.
sprintf() will buffer overflow if arg has more than 3 digits.

A correct way to do this is:

  args[pos] = g_strdup_printf("%d", arg);

> +void python_args_init_cast_long(char *args[], uint64_t arg, int pos)
> +{
> +    args[pos]= g_malloc(sizeof(uint64_t) * 2);
> +    sprintf(args[pos], "%lx", arg);
> +}

Same issue.

> +void python_args_clean(char *args[], int nargs)
> +{
> +    for (int i = 0; i < nargs; i++) {
> +        g_free(args[i]);
> +    }
> +}

Mixing malloc() and g_free() is unsafe.  If you switch to
g_strdup_printf() then g_free() is correct.

Attachment: signature.asc
Description: PGP signature


reply via email to

[Prev in Thread] Current Thread [Next in Thread]