
Re: [Qemu-devel] [PATCH 8/8] hw/i386: fix unbounded stack for load_multi


From: Peter Xu
Subject: Re: [Qemu-devel] [PATCH 8/8] hw/i386: fix unbounded stack for load_multiboot
Date: Wed, 9 Mar 2016 13:39:00 +0800
User-agent: Mutt/1.5.24 (2015-08-30)

On Tue, Mar 08, 2016 at 01:29:21PM +0100, Paolo Bonzini wrote:
> 
> 
> On 08/03/2016 08:00, Peter Xu wrote:
> > @@ -159,6 +159,12 @@ int load_multiboot(FWCfgState *fw_cfg,
> >      uint8_t *mb_bootinfo_data;
> >      uint32_t cmdline_len;
> >  
> > +#define __KERN_FNAME_LEN (1024)
> > +#define __KERN_CMDLINE_LEN (4096)
> > +
> > +    assert(strlen(kernel_filename) + 1 >= __KERN_FNAME_LEN);
> > +    assert(strlen(kernel_cmdline) + 1 >= __KERN_CMDLINE_LEN);
> > +
> >      /* Ok, let's see if it is a multiboot image.
> >         The header is 12x32bit long, so the latest entry may be 8192 - 48. 
> > */
> >      for (i = 0; i < (8192 - 48); i += 4) {
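Review bot: the two assert() conditions at the top of this hunk are inverted: `assert(strlen(kernel_filename) + 1 >= __KERN_FNAME_LEN);` aborts for every filename shorter than 1023 bytes, i.e. for all normal input, and only passes for the over-long names the limit is meant to reject; the intended check is `<=`. Even with the comparison fixed, assert() is the wrong tool here, because kernel_filename and kernel_cmdline come straight from the user's -kernel and -append arguments, so an oversize string would take QEMU down with an abort instead of producing a reported error; an error_report() plus an error return would fail cleanly.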
> > @@ -324,7 +330,7 @@ int load_multiboot(FWCfgState *fw_cfg,
> >      }
> >  
> >      /* Commandline support */
> > -    char kcmdline[strlen(kernel_filename) + strlen(kernel_cmdline) + 2];
> > +    char kcmdline[__KERN_FNAME_LEN + __KERN_CMDLINE_LEN];
> >      snprintf(kcmdline, sizeof(kcmdline), "%s %s",
> >               kernel_filename, kernel_cmdline);
> >      stl_p(bootinfo + MBI_CMDLINE, mb_add_cmdline(&mbs, kcmdline));
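Review bot: the replacement buffer `char kcmdline[__KERN_FNAME_LEN + __KERN_CMDLINE_LEN];` is still a 5120-byte stack array; it is bounded now, but only by the assertions earlier in the function, and the two pieces can drift apart in later edits. The arithmetic is also exact rather than generous: with strlen + 1 <= LEN enforced for both strings, the worst case is 1023 + 1 (space) + 4095 + 1 (NUL) = 5120 bytes, so any change to the "%s %s" format (an extra separator, a prefix) makes snprintf silently truncate the command line instead of failing. Allocating on the heap from the actual lengths, as the reply suggests with g_strdup_printf, removes both the fixed limits and the truncation risk.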
> > @@ -370,4 +376,6 @@ int load_multiboot(FWCfgState *fw_cfg,
> >      nb_option_roms++;
> >  
> >      return 1; /* yes, we are multiboot */
> > +#undef __KERN_FNAME_LEN
> > +#undef __KERN_CMDLINE_LEN
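Review bot: the `#define`s placed inside the function body and paired with `#undef`s after the final `return 1;` are unidiomatic; if the constants are kept at all, define them once at file scope like the file's other constants. Also drop the leading double underscore: identifiers beginning with `__` are reserved for the compiler and C library, so `__KERN_FNAME_LEN` and `__KERN_CMDLINE_LEN` should become plain `KERN_FNAME_LEN` and `KERN_CMDLINE_LEN` or similar.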
> 
> Just put it in the heap using g_strdup_printf.

Will fix and send standalone again. Thanks.

Peter
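The heap-allocated alternative discussed above, as an added example that is not QEMU's code and not the patch that was eventually merged: the command line is built from the exact lengths of the two inputs, so the stack frame no longer depends on user-controlled string sizes and no fixed limit or assertion is needed. It uses plain malloc and snprintf instead of glib's g_strdup_printf so it runs without glib; the function name `build_kcmdline` and the helper `kcmdline_len_for` are assumptions for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Added example, not QEMU code: build "<filename> <cmdline>" on the heap.
 * The patch under review sized a VLA from strlen() of user-controlled
 * strings, so an arbitrarily long -append argument meant an arbitrarily
 * large stack frame. Allocating on the heap bounds stack use regardless
 * of input size. Uses malloc/snprintf rather than g_strdup_printf (assumed
 * substitute, to avoid a glib dependency); the caller frees the result.
 * Returns NULL on allocation or formatting failure. */
char *build_kcmdline(const char *kernel_filename, const char *kernel_cmdline)
{
    /* snprintf with a NULL buffer and size 0 returns the length needed,
     * not counting the terminating NUL. */
    int needed = snprintf(NULL, 0, "%s %s", kernel_filename, kernel_cmdline);
    if (needed < 0) {
        return NULL;
    }
    size_t len = (size_t)needed + 1;   /* room for the terminating NUL */
    char *buf = malloc(len);
    if (!buf) {
        return NULL;
    }
    /* The buffer is sized from the same format and arguments, so this
     * cannot truncate; sizeof-style limits are not needed. */
    snprintf(buf, len, "%s %s", kernel_filename, kernel_cmdline);
    return buf;
}

/* Length of the command line built for a -append value of n 'A' bytes,
 * using a constructed input; shows the result is exact for inputs far
 * larger than any fixed limit, with no growth of the caller's stack. */
size_t kcmdline_len_for(size_t n)
{
    char *cmd = malloc(n + 1);
    if (!cmd) {
        return 0;
    }
    memset(cmd, 'A', n);
    cmd[n] = '\0';
    char *k = build_kcmdline("vmlinuz", cmd);
    size_t r = k ? strlen(k) : 0;
    free(k);
    free(cmd);
    return r;
}

int main(void)
{
    /* Constructed sample input. */
    char *k = build_kcmdline("vmlinuz", "console=ttyS0 root=/dev/sda1");
    if (!k) {
        return 1;
    }
    printf("%s\n", k);
    free(k);
    return 0;
}
```

The key property is that the size passed to malloc is computed from the same format string and arguments that are then written, so the buffer can neither overflow nor silently truncate, and a change to the format cannot desynchronise a separately maintained limit.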


