From: Eric Blake
To: qemu-devel@nongnu.org
Cc: Philippe Mathieu-Daudé, Peter Maydell
Subject: [PULL 06/13] util/iov: Avoid dynamic stack allocation
Date: Thu, 7 Sep 2023 20:35:42 -0500
Message-ID: <20230908013535.990731-21-eblake@redhat.com>
In-Reply-To: <20230908013535.990731-15-eblake@redhat.com>
References: <20230908013535.990731-15-eblake@redhat.com>

From: Philippe Mathieu-Daudé

Use autofree heap allocation instead of variable-length array on the stack.

The codebase has very few VLAs, and if we can get rid of them all we can make the compiler error on new additions. This is a defensive measure against security bugs where an on-stack dynamic allocation isn't correctly size-checked (e.g. CVE-2021-3527).

Signed-off-by: Philippe Mathieu-Daudé
Signed-off-by: Peter Maydell Message-ID: <20230824164706.2652277-1-peter.maydell@linaro.org> Reviewed-by: Eric Blake Signed-off-by: Eric Blake --- util/iov.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/util/iov.c b/util/iov.c index 866fb577f30..7e73948f5e3 100644 --- a/util/iov.c +++ b/util/iov.c @@ -571,7 +571,7 @@ static int sortelem_cmp_src_index(const void *a, const = void *b) */ void qemu_iovec_clone(QEMUIOVector *dest, const QEMUIOVector *src, void *b= uf) { - IOVectorSortElem sortelems[src->niov]; + g_autofree IOVectorSortElem *sortelems =3D g_new(IOVectorSortElem, src= ->niov); void *last_end; int i; --=20 2.41.0
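
Review bot: on the `+` line in qemu_iovec_clone(), `src->niov` still reaches the allocator with no bound or sign check, so the conversion changes the failure mode rather than validating the size. g_new() aborts on allocation failure and on overflow of the count-times-size multiplication, which is a cleaner outcome than an oversized stack frame, but it returns NULL for a count of zero. The rest of the function is not visible in this hunk, so please confirm that nothing below dereferences `sortelems`, or passes it to a routine that requires a non-NULL pointer, when `src->niov` is 0. If `niov` is a signed type, an `assert(src->niov >= 0)` ahead of the allocation, or a short comment stating the expected range, would document the assumption the commit message relies on.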