From nobody Tue Feb 10 09:33:11 2026 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=fail(p=reject dis=none) header.from=rsg.ci.i.u-tokyo.ac.jp Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1769323498865808.5850367842754; Sat, 24 Jan 2026 22:44:58 -0800 (PST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1vjtqt-0003Ph-7q; Sun, 25 Jan 2026 01:44:03 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1vjtqb-00037P-Q8; Sun, 25 Jan 2026 01:43:47 -0500 Received: from www3579.sakura.ne.jp ([49.212.243.89]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1vjtqX-0001OF-Lt; Sun, 25 Jan 2026 01:43:45 -0500 Received: from h205.csg.ci.i.u-tokyo.ac.jp (h205.csg.ci.i.u-tokyo.ac.jp [133.11.54.205]) (authenticated bits=0) by www3579.sakura.ne.jp (8.16.1/8.16.1) with ESMTPSA id 60P6h74c079417 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Sun, 25 Jan 2026 15:43:17 +0900 (JST) (envelope-from odaki@rsg.ci.i.u-tokyo.ac.jp) DKIM-Signature: a=rsa-sha256; bh=FS6haBok9vnF/9HFHaX9cWdGhWMcNaaTBU46LJlzpus=; c=relaxed/relaxed; d=rsg.ci.i.u-tokyo.ac.jp; h=From:Date:Subject:Message-Id:To; s=rs20250326; t=1769323397; v=1; b=H5qGQA565BOxwdz/ICrTdLTg1Lz+amAMiFXvGXUbl4CUafw8DDUQip69/LzwFkj4 Ky6X8Vw8he5Um7zC2quLZ1rt0FcwlPUUaXyQXXg7ASiRmtdbW6TMCHidegmq252o 4h5p/Jeg3QuFD+HCkZK4zxgN/3wkpmxxEj84fJKJU+GtEdQknohUb2k2RGcpZ+RK vA8FHnSkl71DeO2laWNMwLhxhxuAh4nsgAe3k2ykRqalb8osImGvFwk3+GXAv94U othQiLioVZQjgc6Z65gBoAgb2HhKDlzvX4bJ6w2aknond/1jl3+RR5hPS9gkTGx4 3TcMRjvAz67YYEpTAoiFHA== From: Akihiko Odaki Date: Sun, 25 Jan 2026 15:42:43 +0900 Subject: [PATCH 1/5] contrib/elf2dmp: Grow PDB URL buffer MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20260125-nvme-v1-1-0658c31fade9@rsg.ci.i.u-tokyo.ac.jp> References: <20260125-nvme-v1-0-0658c31fade9@rsg.ci.i.u-tokyo.ac.jp> In-Reply-To: <20260125-nvme-v1-0-0658c31fade9@rsg.ci.i.u-tokyo.ac.jp> To: qemu-devel@nongnu.org Cc: Viktor Prutyanov , Alex Williamson , =?utf-8?q?C=C3=A9dric_Le_Goater?= , Markus Armbruster , Michael Roth , Paolo Bonzini , =?utf-8?q?Marc-Andr=C3=A9_Lureau?= , =?utf-8?q?Daniel_P=2E_Berrang=C3=A9?= , =?utf-8?q?Philippe_Mathieu-Daud=C3=A9?= , Keith Busch , Klaus Jensen , Jesper Devantier , qemu-block@nongnu.org, Akihiko Odaki X-Mailer: b4 0.15-dev-179e8 Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=49.212.243.89; envelope-from=odaki@rsg.ci.i.u-tokyo.ac.jp; helo=www3579.sakura.ne.jp X-Spam_score_int: -16 X-Spam_score: -1.7 X-Spam_bar: - X-Spam_report: (-1.7 / 5.0 requ) BAYES_00=-1.9, DKIM_INVALID=0.1, DKIM_SIGNED=0.1, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=no autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: qemu development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZM-MESSAGEID: 1769323501379154100 The buffers used to construct a PDB URL overflow when the "age" property is greater than 0xf, so grow it. This also simplifies the logic of the URL construction to use one buffer instead of two to avoid the chore to synchronize the sizes of two buffers. Signed-off-by: Akihiko Odaki --- contrib/elf2dmp/main.c | 27 ++++++++++----------------- 1 file changed, 10 insertions(+), 17 deletions(-) diff --git a/contrib/elf2dmp/main.c b/contrib/elf2dmp/main.c index d046a72ae67f..83ddc57dd9ee 100644 --- a/contrib/elf2dmp/main.c +++ b/contrib/elf2dmp/main.c @@ -494,18 +494,6 @@ static bool pe_check_pdb_name(uint64_t base, void *sta= rt_addr, return !strcmp(pdb_name, PDB_NAME); } =20 -static void pe_get_pdb_symstore_hash(OMFSignatureRSDS *rsds, char *hash) -{ - sprintf(hash, "%.08x%.04x%.04x%.02x%.02x", rsds->guid.a, rsds->guid.b, - rsds->guid.c, rsds->guid.d[0], rsds->guid.d[1]); - hash +=3D 20; - for (unsigned int i =3D 0; i < 6; i++, hash +=3D 2) { - sprintf(hash, "%.02x", rsds->guid.e[i]); - } - - sprintf(hash, "%.01x", rsds->age); -} - int main(int argc, char *argv[]) { int err =3D 1; @@ -517,9 +505,7 @@ int main(int argc, char *argv[]) uint64_t KernBase; void *nt_start_addr =3D NULL; WinDumpHeader64 header; - char pdb_hash[34]; - char pdb_url[] =3D SYM_URL_BASE PDB_NAME - "/0123456789ABCDEF0123456789ABCDEFx/" PDB_NAME; + char pdb_url[sizeof(SYM_URL_BASE PDB_NAME PDB_NAME) + 42]; struct pdb_reader pdb; uint64_t KdDebuggerDataBlock; KDDEBUGGER_DATA64 *kdbg; @@ -583,9 +569,16 @@ int main(int argc, char *argv[]) printf("KernBase =3D 0x%016"PRIx64", signature is \'%.2s\'\n", KernBas= e, (char *)nt_start_addr); =20 - pe_get_pdb_symstore_hash(&rsds, pdb_hash); + sprintf(pdb_url, + "%s%.08x%.04x%.04x" + "%.02x%.02x" + "%.02x%.02x%.02x%.02x%.02x%.02x" + "%.01x%s", + SYM_URL_BASE PDB_NAME "/", rsds.guid.a, rsds.guid.b, rsds.guid= .c, + rsds.guid.d[0], rsds.guid.d[1], + rsds.guid.e[0], rsds.guid.e[1], rsds.guid.e[2], rsds.guid.e[3]= , rsds.guid.e[4], rsds.guid.e[5], + rsds.age, "/" PDB_NAME); =20 - sprintf(pdb_url, "%s%s/%s/%s", SYM_URL_BASE, PDB_NAME, pdb_hash, PDB_N= AME); printf("PDB URL is %s\n", pdb_url); =20 if (!download_url(PDB_NAME, pdb_url)) { --=20 2.52.0 From nobody Tue Feb 10 09:33:11 2026 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=fail(p=reject dis=none) header.from=rsg.ci.i.u-tokyo.ac.jp Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1769323504300825.6892826241108; Sat, 24 Jan 2026 22:45:04 -0800 (PST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1vjtqm-0003Gg-1M; Sun, 25 Jan 2026 01:43:56 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1vjtqb-000373-Gk; Sun, 25 Jan 2026 01:43:45 -0500 Received: from www3579.sakura.ne.jp ([49.212.243.89]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1vjtqX-0001OB-JC; Sun, 25 Jan 2026 01:43:45 -0500 Received: from h205.csg.ci.i.u-tokyo.ac.jp (h205.csg.ci.i.u-tokyo.ac.jp [133.11.54.205]) (authenticated bits=0) by www3579.sakura.ne.jp (8.16.1/8.16.1) with ESMTPSA id 60P6h74d079417 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Sun, 25 Jan 2026 15:43:17 +0900 (JST) (envelope-from odaki@rsg.ci.i.u-tokyo.ac.jp) DKIM-Signature: a=rsa-sha256; bh=6oD1SgDIum0e6/mODyNZwlTNufZA5BPZ4Wu9oa12wug=; c=relaxed/relaxed; d=rsg.ci.i.u-tokyo.ac.jp; h=From:Date:Subject:Message-Id:To; s=rs20250326; t=1769323397; v=1; b=vsz25Nz1O5eXyf2Vq+d/byB5ivFTTlkDKkWmH3ckHy0tWar9EPSkpbmd5g2nWQFA Y1Y08KQqnUn4bM1o/oIQVrddv7p2HWEiJM+ELQGpCuqWNPJIfFMV+mt5AC4pRDaE TjiybavNJouBS08kloBKdRZjdwp9RvFz3t9QHvte5U9A7kzrvRiJ6c7Z8Adh/pFJ UgjrLWnysE/q6rePUj2dwZEyd0pELnzH4lqkOGNQAWJjllSnGmde3ELDUhXS8a6K Fucnvw5yZgmLGzYITfn/gv3l0UXgYJxR8N3G4CU/09GooPvP8X/z+hnBKkZDmSDw Bt5GK0iO8gKyYzxO/C4SJQ== From: Akihiko Odaki Date: Sun, 25 Jan 2026 15:42:44 +0900 Subject: [PATCH 2/5] vfio/pci: Grow buffer in vfio_pci_host_match() MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20260125-nvme-v1-2-0658c31fade9@rsg.ci.i.u-tokyo.ac.jp> References: <20260125-nvme-v1-0-0658c31fade9@rsg.ci.i.u-tokyo.ac.jp> In-Reply-To: <20260125-nvme-v1-0-0658c31fade9@rsg.ci.i.u-tokyo.ac.jp> To: qemu-devel@nongnu.org Cc: Viktor Prutyanov , Alex Williamson , =?utf-8?q?C=C3=A9dric_Le_Goater?= , Markus Armbruster , Michael Roth , Paolo Bonzini , =?utf-8?q?Marc-Andr=C3=A9_Lureau?= , =?utf-8?q?Daniel_P=2E_Berrang=C3=A9?= , =?utf-8?q?Philippe_Mathieu-Daud=C3=A9?= , Keith Busch , Klaus Jensen , Jesper Devantier , qemu-block@nongnu.org, Akihiko Odaki X-Mailer: b4 0.15-dev-179e8 Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=49.212.243.89; envelope-from=odaki@rsg.ci.i.u-tokyo.ac.jp; helo=www3579.sakura.ne.jp X-Spam_score_int: -16 X-Spam_score: -1.7 X-Spam_bar: - X-Spam_report: (-1.7 / 5.0 requ) BAYES_00=-1.9, DKIM_INVALID=0.1, DKIM_SIGNED=0.1, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=no autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: qemu development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZM-MESSAGEID: 1769323507013154100 Ensure the buffer in vfio_pci_host_match() will not overflow even when an invalid addr parameter is provided. Signed-off-by: Akihiko Odaki --- hw/vfio/pci.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hw/vfio/pci.c b/hw/vfio/pci.c index c73447272141..3338c4d7b528 100644 --- a/hw/vfio/pci.c +++ b/hw/vfio/pci.c @@ -2673,7 +2673,7 @@ void vfio_pci_post_reset(VFIOPCIDevice *vdev) =20 bool vfio_pci_host_match(PCIHostDeviceAddress *addr, const char *name) { - char tmp[13]; + char tmp[36]; =20 sprintf(tmp, "%04x:%02x:%02x.%1x", addr->domain, addr->bus, addr->slot, addr->function); --=20 2.52.0 From nobody Tue Feb 10 09:33:11 2026 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=fail(p=reject dis=none) header.from=rsg.ci.i.u-tokyo.ac.jp Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1769323485813227.8322890368612; Sat, 24 Jan 2026 22:44:45 -0800 (PST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1vjtqq-0003MS-0K; Sun, 25 Jan 2026 01:44:00 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1vjtqb-00037Q-Ps; Sun, 25 Jan 2026 01:43:47 -0500 Received: from www3579.sakura.ne.jp ([49.212.243.89]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1vjtqX-0001OE-Ko; Sun, 25 Jan 2026 01:43:45 -0500 Received: from h205.csg.ci.i.u-tokyo.ac.jp (h205.csg.ci.i.u-tokyo.ac.jp [133.11.54.205]) (authenticated bits=0) by www3579.sakura.ne.jp (8.16.1/8.16.1) with ESMTPSA id 60P6h74e079417 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Sun, 25 Jan 2026 15:43:17 +0900 (JST) (envelope-from odaki@rsg.ci.i.u-tokyo.ac.jp) DKIM-Signature: a=rsa-sha256; bh=0eOoY+bahv1rBrpsObIe62WwWG/nlXutLsg7rdcWLMA=; c=relaxed/relaxed; d=rsg.ci.i.u-tokyo.ac.jp; h=From:Date:Subject:Message-Id:To; s=rs20250326; t=1769323398; v=1; b=gJNVg7LKzDYz5jrrlbFVHgHxv5luQq6GPwG66I+QG31UNrnDOWrcum15sVHHVwEm uGw8T+ddZh3zsjqnjXzFsF+J58dktw5LxpGsIpmkZ/x1asrQkg4TkiA0ONesBy0z vxlmIFiOjAKZnig8lPpt64vOoVWd1avWnYPhH/17zDyzi8b8yIVFosWAOzWvbhZo a813LwgvhskgH7w19TLo/cy7xXdatj6agGxYpbnb6q1+djDyg1BephldTUQ+uSj3 ju8Q7yCL4jarCmd9qlTrO90OXyKKQwXk5x+Mgh/utWoHy9GrQXlZol2feoM2ODME n/INioWrgCMAeMr7i7m8sA== From: Akihiko Odaki Date: Sun, 25 Jan 2026 15:42:45 +0900 Subject: [PATCH 3/5] tests: Grow buffers for double string MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20260125-nvme-v1-3-0658c31fade9@rsg.ci.i.u-tokyo.ac.jp> References: <20260125-nvme-v1-0-0658c31fade9@rsg.ci.i.u-tokyo.ac.jp> In-Reply-To: <20260125-nvme-v1-0-0658c31fade9@rsg.ci.i.u-tokyo.ac.jp> To: qemu-devel@nongnu.org Cc: Viktor Prutyanov , Alex Williamson , =?utf-8?q?C=C3=A9dric_Le_Goater?= , Markus Armbruster , Michael Roth , Paolo Bonzini , =?utf-8?q?Marc-Andr=C3=A9_Lureau?= , =?utf-8?q?Daniel_P=2E_Berrang=C3=A9?= , =?utf-8?q?Philippe_Mathieu-Daud=C3=A9?= , Keith Busch , Klaus Jensen , Jesper Devantier , qemu-block@nongnu.org, Akihiko Odaki X-Mailer: b4 0.15-dev-179e8 Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=49.212.243.89; envelope-from=odaki@rsg.ci.i.u-tokyo.ac.jp; helo=www3579.sakura.ne.jp X-Spam_score_int: -16 X-Spam_score: -1.7 X-Spam_bar: - X-Spam_report: (-1.7 / 5.0 requ) BAYES_00=-1.9, DKIM_INVALID=0.1, DKIM_SIGNED=0.1, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=no autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: qemu development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZM-MESSAGEID: 1769323489517154101 A string that represents a double can be long if it is an exponentially large number. Signed-off-by: Akihiko Odaki --- tests/unit/test-qobject-input-visitor.c | 2 +- tests/unit/test-qobject-output-visitor.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/unit/test-qobject-input-visitor.c b/tests/unit/test-qobj= ect-input-visitor.c index 84bdcdf702e0..baff9243313c 100644 --- a/tests/unit/test-qobject-input-visitor.c +++ b/tests/unit/test-qobject-input-visitor.c @@ -583,7 +583,7 @@ static void test_visitor_in_list_struct(TestInputVisito= rData *data, =20 i =3D 0; for (num_list =3D arrs->number; num_list; num_list =3D num_list->next)= { - char expected[32], actual[32]; + char expected[318], actual[318]; =20 sprintf(expected, "%.6f", (double)i / 3); sprintf(actual, "%.6f", num_list->value); diff --git a/tests/unit/test-qobject-output-visitor.c b/tests/unit/test-qob= ject-output-visitor.c index 407ab9ed505a..ae05a726f775 100644 --- a/tests/unit/test-qobject-output-visitor.c +++ b/tests/unit/test-qobject-output-visitor.c @@ -571,7 +571,7 @@ static void test_visitor_out_list_struct(TestOutputVisi= torData *data, i =3D 0; QLIST_FOREACH_ENTRY(qlist, e) { QNum *qvalue =3D qobject_to(QNum, qlist_entry_obj(e)); - char expected[32], actual[32]; + char expected[318], actual[318]; =20 g_assert(qvalue); sprintf(expected, "%.6f", (double)i / 3); --=20 2.52.0 From nobody Tue Feb 10 09:33:11 2026 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=fail(p=reject dis=none) header.from=rsg.ci.i.u-tokyo.ac.jp Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1769323563783357.45273637317734; Sat, 24 Jan 2026 22:46:03 -0800 (PST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1vjtqt-0003Qo-IT; Sun, 25 Jan 2026 01:44:03 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1vjtqa-00035B-IK; Sun, 25 Jan 2026 01:43:45 -0500 Received: from www3579.sakura.ne.jp ([49.212.243.89]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1vjtqX-0001OS-GM; Sun, 25 Jan 2026 01:43:44 -0500 Received: from h205.csg.ci.i.u-tokyo.ac.jp (h205.csg.ci.i.u-tokyo.ac.jp [133.11.54.205]) (authenticated bits=0) by www3579.sakura.ne.jp (8.16.1/8.16.1) with ESMTPSA id 60P6h74f079417 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Sun, 25 Jan 2026 15:43:18 +0900 (JST) (envelope-from odaki@rsg.ci.i.u-tokyo.ac.jp) DKIM-Signature: a=rsa-sha256; bh=M9F2sZaB7aqOtDg+UNTfUW8uDb8IF/ASvhYO4a8TRSw=; c=relaxed/relaxed; d=rsg.ci.i.u-tokyo.ac.jp; h=From:Date:Subject:Message-Id:To; s=rs20250326; t=1769323398; v=1; b=jFy8+Oinb5O7oymyHbxZ+bpEek20DwR/AJBp66Vk2PdG+MvWNcvafYr78bO0V7ih s+w3q1wl3BD49IzoLH6d+IdcgtgcxMe0AwaifZxiymLPLkQVcTndNyDthiRrOXcU 2myoS46FPnh2ZKfoO4Wi8LSEnM8SU0vyPDMpRpDgHGWhUFVpZZOxS6lzCKPWM1or 1RlHOr5QApz+HT3YCt55hi4iI+n9NX+IG9ZDfk36Ugnr5uB289I1jzUVpPLtkCqe gDXuWIPGLaWJ2LDckSC07gGKiVZIIOQ++JETP50wEaXms1C28zDHe76Z2JdLx1QH 1WBKlXg8T3KgsDueY5naag== From: Akihiko Odaki Date: Sun, 25 Jan 2026 15:42:46 +0900 Subject: [PATCH 4/5] meson: Add -Wformat-overflow=2 MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20260125-nvme-v1-4-0658c31fade9@rsg.ci.i.u-tokyo.ac.jp> References: <20260125-nvme-v1-0-0658c31fade9@rsg.ci.i.u-tokyo.ac.jp> In-Reply-To: <20260125-nvme-v1-0-0658c31fade9@rsg.ci.i.u-tokyo.ac.jp> To: qemu-devel@nongnu.org Cc: Viktor Prutyanov , Alex Williamson , =?utf-8?q?C=C3=A9dric_Le_Goater?= , Markus Armbruster , Michael Roth , Paolo Bonzini , =?utf-8?q?Marc-Andr=C3=A9_Lureau?= , =?utf-8?q?Daniel_P=2E_Berrang=C3=A9?= , =?utf-8?q?Philippe_Mathieu-Daud=C3=A9?= , Keith Busch , Klaus Jensen , Jesper Devantier , qemu-block@nongnu.org, Akihiko Odaki X-Mailer: b4 0.15-dev-179e8 Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=49.212.243.89; envelope-from=odaki@rsg.ci.i.u-tokyo.ac.jp; helo=www3579.sakura.ne.jp X-Spam_score_int: -16 X-Spam_score: -1.7 X-Spam_bar: - X-Spam_report: (-1.7 / 5.0 requ) BAYES_00=-1.9, DKIM_INVALID=0.1, DKIM_SIGNED=0.1, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=no autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: qemu development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZM-MESSAGEID: 1769323566460158500 https://gcc.gnu.org/onlinedocs/gcc-15.2.0/gcc/Warning-Options.html > Level 2 warns also about calls that might overflow the destination > buffer given an argument of sufficient length or magnitude. At level > 2, unknown numeric arguments are assumed to have the minimum > representable value for signed types with a precision greater than 1, > and the maximum representable value otherwise. Unknown string > arguments whose length cannot be assumed to be bounded either by the > directive=E2=80=99s precision, or by a finite set of string literals they= may > evaluate to, or the character array they may point to, are assumed to > be 1 character long. Signed-off-by: Akihiko Odaki --- meson.build | 1 + 1 file changed, 1 insertion(+) diff --git a/meson.build b/meson.build index c58007291a8c..a7ccb7011f0a 100644 --- a/meson.build +++ b/meson.build @@ -729,6 +729,7 @@ warn_flags =3D [ '-Wempty-body', '-Wendif-labels', '-Wexpansion-to-defined', + '-Wformat-overflow=3D2', '-Wformat-security', '-Wformat-y2k', '-Wignored-qualifiers', --=20 2.52.0 From nobody Tue Feb 10 09:33:11 2026 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=fail(p=reject dis=none) header.from=rsg.ci.i.u-tokyo.ac.jp Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1769323528039961.2862753775748; Sat, 24 Jan 2026 22:45:28 -0800 (PST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1vjtqm-0003HT-O3; Sun, 25 Jan 2026 01:43:56 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1vjtqa-00035A-FT; Sun, 25 Jan 2026 01:43:45 -0500 Received: from www3579.sakura.ne.jp ([49.212.243.89]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1vjtqX-0001OD-JF; Sun, 25 Jan 2026 01:43:44 -0500 Received: from h205.csg.ci.i.u-tokyo.ac.jp (h205.csg.ci.i.u-tokyo.ac.jp [133.11.54.205]) (authenticated bits=0) by www3579.sakura.ne.jp (8.16.1/8.16.1) with ESMTPSA id 60P6h74g079417 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Sun, 25 Jan 2026 15:43:18 +0900 (JST) (envelope-from odaki@rsg.ci.i.u-tokyo.ac.jp) DKIM-Signature: a=rsa-sha256; bh=V6Tcy99VmbiSxXOyzt3hsil73wVMmCmWdx3HXcW6znc=; c=relaxed/relaxed; d=rsg.ci.i.u-tokyo.ac.jp; h=From:Date:Subject:Message-Id:To; s=rs20250326; t=1769323398; v=1; b=tXP0iVUau7d6jUrJm2mpd5UjB0NodHGa53u0HcORjJwnuOzWicEHYNszSTN8Z+z2 tzYCtGTiPjSEirBtPV1QnjJc73Skt77lSmAEGaWXzL+9wcF61lz/qncHsbqPzdqm RjqfSnY/BUJS51ZfTWsRdDLQ+3IR8ymuDfzx7qbhjaWAfBl751RZmHgIHz4+GxS1 c2yMBuu49YSmdfN61jHl4w0mdhSW305miOk4j4Dd9pjAjmadcvZV8dtwET9xdmNf Ln/EFt5KCZrAzPfvOdgC+JmjV9foFi6xQZL55hx06jNzYYTPSchmKqe07pcGu4Q6 Oorqc39yUr46mR1sGiHO0Q== From: Akihiko Odaki Date: Sun, 25 Jan 2026 15:42:47 +0900 Subject: [PATCH 5/5] hw/nvme: Fix bootindex suffix use-after-free MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20260125-nvme-v1-5-0658c31fade9@rsg.ci.i.u-tokyo.ac.jp> References: <20260125-nvme-v1-0-0658c31fade9@rsg.ci.i.u-tokyo.ac.jp> In-Reply-To: <20260125-nvme-v1-0-0658c31fade9@rsg.ci.i.u-tokyo.ac.jp> To: qemu-devel@nongnu.org Cc: Viktor Prutyanov , Alex Williamson , =?utf-8?q?C=C3=A9dric_Le_Goater?= , Markus Armbruster , Michael Roth , Paolo Bonzini , =?utf-8?q?Marc-Andr=C3=A9_Lureau?= , =?utf-8?q?Daniel_P=2E_Berrang=C3=A9?= , =?utf-8?q?Philippe_Mathieu-Daud=C3=A9?= , Keith Busch , Klaus Jensen , Jesper Devantier , qemu-block@nongnu.org, Akihiko Odaki X-Mailer: b4 0.15-dev-179e8 Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=49.212.243.89; envelope-from=odaki@rsg.ci.i.u-tokyo.ac.jp; helo=www3579.sakura.ne.jp X-Spam_score_int: -16 X-Spam_score: -1.7 X-Spam_bar: - X-Spam_report: (-1.7 / 5.0 requ) BAYES_00=-1.9, DKIM_INVALID=0.1, DKIM_SIGNED=0.1, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=no autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: qemu development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZM-MESSAGEID: 1769323531048158500 The bootindex suffix can be used as long as the property is alive. Signed-off-by: Akihiko Odaki Reviewed-by: Philippe Mathieu-Daud=C3=A9 --- hw/nvme/nvme.h | 1 + hw/nvme/ns.c | 7 +++---- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/hw/nvme/nvme.h b/hw/nvme/nvme.h index 8f8c78c85036..d66f7dc82d5c 100644 --- a/hw/nvme/nvme.h +++ b/hw/nvme/nvme.h @@ -239,6 +239,7 @@ typedef struct NvmeNamespace { DeviceState parent_obj; BlockConf blkconf; int32_t bootindex; + char bootindex_suffix[24]; int64_t size; int64_t moff; NvmeIdNs id_ns; diff --git a/hw/nvme/ns.c b/hw/nvme/ns.c index 58800b3414a3..38f86a17268f 100644 --- a/hw/nvme/ns.c +++ b/hw/nvme/ns.c @@ -944,12 +944,11 @@ static void nvme_ns_class_init(ObjectClass *oc, const= void *data) static void nvme_ns_instance_init(Object *obj) { NvmeNamespace *ns =3D NVME_NS(obj); - char *bootindex =3D g_strdup_printf("/namespace@%d,0", ns->params.nsid= ); =20 - device_add_bootindex_property(obj, &ns->bootindex, "bootindex", - bootindex, DEVICE(obj)); + sprintf(ns->bootindex_suffix, "/namespace@%" PRIu32 ",0", ns->params.n= sid); =20 - g_free(bootindex); + device_add_bootindex_property(obj, &ns->bootindex, "bootindex", + ns->bootindex_suffix, DEVICE(obj)); } =20 static const TypeInfo nvme_ns_info =3D { --=20 2.52.0