From nobody Mon Feb  9 12:26:40 2026
Delivered-To: importer@patchew.org
Received-SPF: pass (zohomail.com: domain of redhat.com designates
 216.205.24.124 as permitted sender) client-ip=216.205.24.124;
 envelope-from=philmd@redhat.com; helo=us-smtp-delivery-124.mimecast.com;
Authentication-Results: mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of redhat.com designates 216.205.24.124 as
 permitted sender)  smtp.mailfrom=philmd@redhat.com;
	dmarc=pass(p=none dis=none)  header.from=redhat.com
ARC-Seal: i=1; a=rsa-sha256; t=1630667257; cv=none;
	d=zohomail.com; s=zohoarc;
	b=Q1B4KhFIaaEZQGkW5n7P11JGP9g/6TUvIVTj1g4hGXqYdJ6DZr93djxpy/UBd5TF3+ecpZI2HJnUbPsc+IvcY+ymP8GTNjaaYvuNPYYKfhtOVxv+tPIkrJvhuFP1cXLktyQYEO9m9y2paIBfmwk/2wmJ0Mv9XduArBXGW11A+ic=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com;
 s=zohoarc;
	t=1630667257;
 h=Content-Type:Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:MIME-Version:Message-ID:References:Subject:To;
	bh=FZHOag7nyoHENtq9LgEUpVfsjfcHne0EwT0c8I8en8s=;
	b=RJKYKqUnGNUSg0nElY658Dj0U9h9LELfvDwyRpPondOU3YqFoz+n5bOuFaPOkfLiuz6d/F99djUft8nGYh4HF5B/GGan6EafBf3qGMxKyZ38E84o5+MvKeSdP+9eHxhwgI0Ny/b24/3Yl88OUljrYGquwGmX2sf9Qnrwy6QoEgw=
ARC-Authentication-Results: i=1; mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of redhat.com designates 216.205.24.124 as
 permitted sender)  smtp.mailfrom=philmd@redhat.com;
	dmarc=pass header.from=<philmd@redhat.com> (p=none dis=none)
Received: from us-smtp-delivery-124.mimecast.com
 (us-smtp-delivery-124.mimecast.com [216.205.24.124]) by mx.zohomail.com
	with SMTPS id 1630667257771491.3501792005501;
 Fri, 3 Sep 2021 04:07:37 -0700 (PDT)
Received: from mail-wr1-f71.google.com (mail-wr1-f71.google.com
 [209.85.221.71]) (Using TLS) by relay.mimecast.com with ESMTP id
 us-mta-577-FccI0tn5OPiZA-X9zME9hA-1; Fri, 03 Sep 2021 07:07:35 -0400
Received: by mail-wr1-f71.google.com with SMTP id
 i16-20020adfded0000000b001572ebd528eso1442842wrn.19
        for <importer@patchew.org>; Fri, 03 Sep 2021 04:07:35 -0700 (PDT)
Return-Path: <philmd@redhat.com>
Return-Path: <philmd@redhat.com>
Received: from x1w.. (163.red-83-52-55.dynamicip.rima-tde.net. [83.52.55.163])
        by smtp.gmail.com with ESMTPSA id
 w1sm3983986wmc.19.2021.09.03.04.07.32
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Fri, 03 Sep 2021 04:07:33 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com;
	s=mimecast20190719; t=1630667256;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references;
	bh=FZHOag7nyoHENtq9LgEUpVfsjfcHne0EwT0c8I8en8s=;
	b=Qw79lfK/lb5Jj897xrwt4Uhi5DHpvGe1cz3AZArQyadhQy0CT38ptGasp7+KYZ0ECxtqLa
	cjZwjS7sY2uniYckZqks4OeFK75qej8Vey2Hv2maFtr0YVISfgzo88brPve/aUrZFnNYAp
	RxKsHcRvw/4ApDecZlLi0iW4unaQloE=
X-MC-Unique: FccI0tn5OPiZA-X9zME9hA-1
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
         :references:mime-version:content-transfer-encoding;
        bh=FZHOag7nyoHENtq9LgEUpVfsjfcHne0EwT0c8I8en8s=;
        b=f/kdc7jlODxYJdxUoycFv1rGOVHwTnKEl+kakEwHMR7P1gyhuPuV2g6YGh+QvMLdpo
         vtil78ikBjR+XK9gENKFc0y4hH3K7MGz6kBHnapAHblhmmkl3dif3xSSAyTBwIi3+iNW
         8l2dFY6GvA6a08qrmiL0lR/31S69/a15lkO4gJ1oYr7URm2OabZiK6ETdaIGKzt1V1nN
         cf1+fZH4PcKpEQ5zbic7DFPBU9ZaKZZpbf6vKpaofBpoPotLul5/P6wiQ+B8N07+zw7G
         LTh99QmzMsyZzp9dEBEyQzvQVB2hbmYdM1KC2bbMXWx9fX3bn6tw7HTKpKPCi181MPKH
         prKg==
X-Gm-Message-State: AOAM533TQs52cNcjDSDn7a+MLA8uUiBaYbwryNSvnanO+C8zwDYlKHK1
	6jERtmc/ZW4lXwJe6CIEtmGQoKf3sJpcWGgYsNDZu5gYLZiXcL1Aty2SuBIYAcHWncbfs/kaPLw
	YKnudWgyddqFxUw==
X-Received: by 2002:a05:6000:18c2:: with SMTP id
 w2mr3345275wrq.282.1630667254349;
        Fri, 03 Sep 2021 04:07:34 -0700 (PDT)
X-Google-Smtp-Source: 
 ABdhPJyoB5TMIuInAl2n/PRtQj2iipmUHWUxT2HqaGZ7Zes9XsQggaJR678emY6uLRnPMCNKGATEww==
X-Received: by 2002:a05:6000:18c2:: with SMTP id
 w2mr3345238wrq.282.1630667254198;
        Fri, 03 Sep 2021 04:07:34 -0700 (PDT)
From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= <philmd@redhat.com>
To: qemu-devel@nongnu.org
Cc: Hanna Reitz <hreitz@redhat.com>,
	Igor Mammedov <imammedo@redhat.com>,
	Laurent Vivier <laurent@vivier.eu>,
	Alexandre Iooss <erdnaxe@crans.org>,
	=?UTF-8?q?Alex=20Benn=C3=A9e?= <alex.bennee@linaro.org>,
	Michael Roth <michael.roth@amd.com>,
	Zhang Chen <chen.zhang@intel.com>,
	Shannon Zhao <shannon.zhaosl@gmail.com>,
	Richard Henderson <richard.henderson@linaro.org>,
	Alex Williamson <alex.williamson@redhat.com>,
	Eduardo Habkost <ehabkost@redhat.com>,
	Markus Armbruster <armbru@redhat.com>,
	Eric Blake <eblake@redhat.com>,
	Stefan Weil <sw@weilnetz.de>,
	John Snow <jsnow@redhat.com>,
	Mahmoud Mandour <ma.mandourr@gmail.com>,
	Li Zhijian <lizhijian@cn.fujitsu.com>,
	Marcel Apfelbaum <marcel.apfelbaum@gmail.com>,
	qemu-block@nongnu.org,
	Helge Deller <deller@gmx.de>,
	"Michael S. Tsirkin" <mst@redhat.com>,
	David Gibson <david@gibson.dropbear.id.au>,
	Peter Xu <peterx@redhat.com>,
	"Gonglei (Arei)" <arei.gonglei@huawei.com>,
	Gerd Hoffmann <kraxel@redhat.com>,
	Fam Zheng <fam@euphon.net>,
	Jason Wang <jasowang@redhat.com>,
	Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>,
	Christian Schoenebeck <qemu_oss@crudebyte.com>,
	Kevin Wolf <kwolf@redhat.com>,
	Yuval Shaia <yuval.shaia.ml@gmail.com>,
	Paolo Bonzini <pbonzini@redhat.com>,
	Peter Maydell <peter.maydell@linaro.org>,
	qemu-arm@nongnu.org,
	Thomas Huth <thuth@redhat.com>,
	Laurent Vivier <lvivier@redhat.com>,
	Greg Kurz <groug@kaod.org>,
	=?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= <philmd@redhat.com>,
	qemu-ppc@nongnu.org,
	David Hildenbrand <david@redhat.com>
Subject: [PATCH 05/28] block/qcow2-bitmap: Replace g_memdup() by
 g_memdup2_qemu()
Date: Fri,  3 Sep 2021 13:06:39 +0200
Message-Id: <20210903110702.588291-6-philmd@redhat.com>
X-Mailer: git-send-email 2.31.1
In-Reply-To: <20210903110702.588291-1-philmd@redhat.com>
References: <20210903110702.588291-1-philmd@redhat.com>
MIME-Version: 1.0
Authentication-Results: relay.mimecast.com;
	auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=philmd@redhat.com
X-Mimecast-Spam-Score: 0
X-Mimecast-Originator: redhat.com
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
X-ZohoMail-DKIM: pass (identity @redhat.com)
X-ZM-MESSAGEID: 1630667259671100003

Per https://discourse.gnome.org/t/port-your-module-from-g-memdup-to-g-memdu=
p2-now/5538

  The old API took the size of the memory to duplicate as a guint,
  whereas most memory functions take memory sizes as a gsize. This
  made it easy to accidentally pass a gsize to g_memdup(). For large
  values, that would lead to a silent truncation of the size from 64
  to 32 bits, and result in a heap area being returned which is
  significantly smaller than what the caller expects. This can likely
  be exploited in various modules to cause a heap buffer overflow.

Replace g_memdup() by the safer g_memdup2_qemu() wrapper.

Signed-off-by: Philippe Mathieu-Daud=C3=A9 <philmd@redhat.com>
---
 block/qcow2-bitmap.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/block/qcow2-bitmap.c b/block/qcow2-bitmap.c
index 8fb47315515..ec303acb46b 100644
--- a/block/qcow2-bitmap.c
+++ b/block/qcow2-bitmap.c
@@ -1599,7 +1599,7 @@ bool qcow2_store_persistent_dirty_bitmaps(BlockDriver=
State *bs,
                            name);
                 goto fail;
             }
-            tb =3D g_memdup(&bm->table, sizeof(bm->table));
+            tb =3D g_memdup2_qemu(&bm->table, sizeof(bm->table));
             bm->table.offset =3D 0;
             bm->table.size =3D 0;
             QSIMPLEQ_INSERT_TAIL(&drop_tables, tb, entry);
--=20
2.31.1