From: Hervé Poussineau
Subject: Re: [Qemu-block] [Qemu-devel] [PATCH 4/4] vvfat: initialize memory after allocating it
Date: Sun, 16 Jul 2017 07:39:45 +0200
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.8.0
On 16/07/2017 at 00:24, Philippe Mathieu-Daudé wrote:
> Hi Hervé,
>
> On 07/15/2017 10:28 AM, Hervé Poussineau wrote:
>> This prevents some host to guest memory content leaks.
>>
>> Fixes: https://bugs.launchpad.net/qemu/+bug/1599539
>> Signed-off-by: Hervé Poussineau <address@hidden>
>> ---
>>  block/vvfat.c | 1 +
>>  1 file changed, 1 insertion(+)
>>
>> diff --git a/block/vvfat.c b/block/vvfat.c
>> index afc6170a69..7340decef3 100644
>> --- a/block/vvfat.c
>> +++ b/block/vvfat.c
>> @@ -115,6 +115,7 @@ static inline int array_ensure_allocated(array_t* array, int index)
>>          array->pointer = g_realloc(array->pointer, new_size);
>>          if (!array->pointer)
>>              return -1;
>
> Isn't it safer:
>
>          if (likely(new_size > array->size)) {

Not really, because the code is:

    if((index + 1) * array->item_size > array->size) {
        int new_size = (index + 32) * array->item_size;
        array->pointer = g_realloc(array->pointer, new_size);
        if (!array->pointer)
            return -1;
        array->size = new_size;
        array->next = index + 1;
    }

array->size is the size (in bytes) of the previous array.
new_size is (index + 32) * item_size.
And, due to the "if", we know that (index + 1) * item_size > array->size.
So, new_size > array->size.

>> +        memset(array->pointer + array->size, 0, new_size - array->size);
>
>          }
> ?
>
>>          array->size = new_size;
>>          array->next = index + 1;
>>      }
>
> Regards,
>
> Phil.
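Review bot: the byte arithmetic in the added line, memset(array->pointer + array->size, 0, new_size - array->size), is only correct if array->pointer is a byte-sized pointer type (char * or similar), because array->size and new_size are byte counts; a (char *) cast or a one-line comment stating that the pointer is a byte pointer would make that explicit and protect the line if the element type of the pointer ever changes. The guard Philippe proposes is redundant for the reason given in the reply (the enclosing if guarantees new_size > array->size, so the length is always positive), but a short comment to that effect next to the memset would stop the next reader from re-raising it. Separately, the context line if (!array->pointer) return -1; is dead code, since g_realloc() aborts on allocation failure rather than returning NULL; not this patch's concern, but worth a follow-up cleanup.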
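The leak the patch closes, as an added example that is not QEMU's code and not part of the thread: the growth logic quoted above is reproduced over a stand-in struct (demo_array_t) and a tiny bump allocator whose backing store is pre-filled with 0xAA, standing in for whatever the host last left in freed heap memory. The struct layout, the arena allocator, the 0xAA pattern and the 32-byte item size are assumptions made for this demo, not facts taken from block/vvfat.c. Running the growth once without and once with the memset shows how many bytes of the freshly grown tail still carry stale host data, and an assert checks the invariant argued in the reply (new_size > array->size).

```c
/* Added example, not QEMU's code. Models array_ensure_allocated() from the
 * thread over a simplified array type so the uninitialised-tail leak is
 * deterministic. demo_array_t, arena_realloc() and the 0xAA pattern are
 * assumptions for this demo, not taken from block/vvfat.c. */
#include <assert.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

typedef struct {
    char *pointer;          /* byte pointer, so pointer + size is in bytes */
    unsigned int size;      /* allocated bytes */
    unsigned int next;      /* items in use */
    unsigned int item_size; /* bytes per item */
} demo_array_t;

/* Bump allocator over a static buffer that starts out full of 0xAA, standing
 * in for whatever the host previously left in freed heap memory. Like
 * realloc(), it copies the old bytes but never clears the new tail. */
#define ARENA_SIZE 4096
static unsigned char arena[ARENA_SIZE];
static size_t arena_used;

static void arena_reset(void)
{
    memset(arena, 0xAA, sizeof(arena));
    arena_used = 0;
}

static void *arena_realloc(void *old, size_t old_size, size_t new_size)
{
    if (arena_used + new_size > ARENA_SIZE) {
        return NULL;
    }
    void *p = arena + arena_used;
    arena_used += new_size;
    if (old && old_size) {
        memcpy(p, old, old_size);   /* old bytes survive, new tail is stale */
    }
    return p;
}

/* Same control flow as the function quoted in the thread; zero_tail selects
 * whether the memset() added by the patch is applied. Returns -1 on failure. */
static int demo_ensure_allocated(demo_array_t *array, int index, bool zero_tail)
{
    if ((index + 1) * array->item_size > array->size) {
        int new_size = (index + 32) * array->item_size;
        array->pointer = arena_realloc(array->pointer, array->size, new_size);
        if (!array->pointer) {
            return -1;
        }
        /* The enclosing if guarantees (index + 1) * item_size > size, and
         * new_size = (index + 32) * item_size, so new_size > size always. */
        assert((unsigned int)new_size > array->size);
        if (zero_tail) {
            memset(array->pointer + array->size, 0, new_size - array->size);
        }
        array->size = new_size;
        array->next = index + 1;
    }
    return 0;
}

/* Count bytes in [old_size, size) that still carry the stale 0xAA pattern,
 * i.e. bytes a guest could read before the array code ever wrote them. */
static size_t stale_tail_bytes(const demo_array_t *array, unsigned int old_size)
{
    size_t n = 0;
    for (unsigned int i = old_size; i < array->size; i++) {
        if ((unsigned char)array->pointer[i] == 0xAA) {
            n++;
        }
    }
    return n;
}

/* Grow a fresh array of 32-byte items to hold index 0 (1024 bytes), then
 * index 40 (2304 bytes), and report how many of the 1280 new tail bytes are
 * stale. Returns (size_t)-1 if the demo allocator runs out of space. */
size_t demo_leak(bool zero_tail)
{
    arena_reset();
    demo_array_t a = { NULL, 0, 0, 32 };
    if (demo_ensure_allocated(&a, 0, zero_tail) != 0) {
        return (size_t)-1;
    }
    unsigned int old_size = a.size;
    if (demo_ensure_allocated(&a, 40, zero_tail) != 0) {
        return (size_t)-1;
    }
    return stale_tail_bytes(&a, old_size);
}

int main(void)
{
    printf("without memset: %zu stale tail bytes\n", demo_leak(false));
    printf("with memset:    %zu stale tail bytes\n", demo_leak(true));
    return 0;
}
```

Without the memset every one of the 1280 bytes added by the second growth still holds the allocator's leftover pattern; with it the tail is all zeros, which is the only difference the one-line patch makes. The demo keeps the NULL check from the quoted code because its allocator can genuinely fail; with g_realloc() that path does not exist.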