1. Patchew
  2. QEMU
  3. View series

[PATCH] pci: fix overflow in printf string formatting

Claudio Fontana posted 1 patch 1 year, 11 months ago
Patches applied successfully (tree, apply log)
git fetch https://github.com/patchew-project/qemu tags/patchew/20220531092540.10151-2-cfontana@suse.de
Maintainers: "Michael S. Tsirkin" <mst@redhat.com>, Marcel Apfelbaum <marcel.apfelbaum@gmail.com>
hw/pci/pci.c | 18 +++++++++---------
1 file changed, 9 insertions(+), 9 deletions(-)
[PATCH] pci: fix overflow in printf string formatting
Posted by Claudio Fontana 1 year, 11 months ago 
Signed-off-by: Claudio Fontana <cfontana@suse.de>
---
 hw/pci/pci.c | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)

diff --git a/hw/pci/pci.c b/hw/pci/pci.c
index a9b37f8000..6e7015329c 100644
--- a/hw/pci/pci.c
+++ b/hw/pci/pci.c
@@ -2640,15 +2640,15 @@ static char *pci_dev_fw_name(DeviceState *dev, char *buf, int len)
 static char *pcibus_get_fw_dev_path(DeviceState *dev)
 {
     PCIDevice *d = (PCIDevice *)dev;
-    char path[50], name[33];
-    int off;
-
-    off = snprintf(path, sizeof(path), "%s@%x",
-                   pci_dev_fw_name(dev, name, sizeof name),
-                   PCI_SLOT(d->devfn));
-    if (PCI_FUNC(d->devfn))
-        snprintf(path + off, sizeof(path) + off, ",%x", PCI_FUNC(d->devfn));
-    return g_strdup(path);
+    char name[33];
+    int has_func = !!PCI_FUNC(d->devfn);
+
+    return g_strdup_printf("%s@%x%s%.*x",
+                           pci_dev_fw_name(dev, name, sizeof(name)),
+                           PCI_SLOT(d->devfn),
+                           has_func ? "," : "",
+                           has_func,
+                           PCI_FUNC(d->devfn));
 }
 
 static char *pcibus_get_dev_path(DeviceState *dev)
-- 
2.26.2
Re: [PATCH] pci: fix overflow in printf string formatting
Posted by Peter Maydell 1 year, 11 months ago 
On Tue, 31 May 2022 at 10:34, Claudio Fontana <cfontana@suse.de> wrote:
>
> Signed-off-by: Claudio Fontana <cfontana@suse.de>

It would be helpful to note in the commit message how
bad the overflow is, in what situations it can happen,
and how it was detected.

thanks
-- PMM
Re: [PATCH] pci: fix overflow in printf string formatting
Posted by Claudio Fontana 1 year, 11 months ago 
On 5/31/22 11:47, Peter Maydell wrote:
> On Tue, 31 May 2022 at 10:34, Claudio Fontana <cfontana@suse.de> wrote:
>>
>> Signed-off-by: Claudio Fontana <cfontana@suse.de>
> 
> It would be helpful to note in the commit message how
> bad the overflow is, in what situations it can happen,
> and how it was detected.
> 
> thanks
> -- PMM

Hi Peter,

sorry I should have linked to this previous message by Dario:

https://lists.gnu.org/archive/html/qemu-devel/2022-05/msg05518.html

It was detected when building QEMU with FORTIFY_SOURCE=3.

Thanks,

Claudio
Re: [PATCH] pci: fix overflow in printf string formatting
Posted by Claudio Fontana 1 year, 11 months ago 
On 5/31/22 11:55, Claudio Fontana wrote:
> On 5/31/22 11:47, Peter Maydell wrote:
>> On Tue, 31 May 2022 at 10:34, Claudio Fontana <cfontana@suse.de> wrote:
>>>
>>> Signed-off-by: Claudio Fontana <cfontana@suse.de>
>>
>> It would be helpful to note in the commit message how
>> bad the overflow is, in what situations it can happen,
>> and how it was detected.
>>
>> thanks
>> -- PMM
> 
> Hi Peter,
> 
> sorry I should have linked to this previous message by Dario:
> 
> https://lists.gnu.org/archive/html/qemu-devel/2022-05/msg05518.html
> 
> It was detected when building QEMU with FORTIFY_SOURCE=3.
> 
> Thanks,
> 
> Claudio
> 
> 

Will resend with more explanation in the commit message btw.

Patchew 2.1-devel-0870f84

© 2016 - 2024 Red Hat, Inc.