[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] [PATCH] hw/9pfs/virtio-9p-local.c: use snprintf() inste
From: |
Daniel P. Berrange |
Subject: |
Re: [Qemu-devel] [PATCH] hw/9pfs/virtio-9p-local.c: use snprintf() instead of sprintf() |
Date: |
Mon, 3 Feb 2014 10:34:29 +0000 |
User-agent: |
Mutt/1.5.21 (2010-09-15) |
On Mon, Feb 03, 2014 at 06:00:42PM +0800, Chen Gang wrote:
> We can not assume "'path' + 'ctx->fs_root'" must be less than MAX_PATH,
> so need use snprintf() instead of sprintf().
>
> And also recommend to use ARRAY_SIZE instead of hard code macro for an
> array size in snprintf().
In the event that there is overflow this will cause the data to be
truncated, potentially causing QEMU to access the wrong file on the
host. Both snprintf and sprintf are really bad because of their
use of fixed buffers. Better to change it to g_strdup_printf which
dynamically allocates buffers.
Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|
- [Qemu-devel] [PATCH] hw/9pfs/virtio-9p-local.c: use snprintf() instead of sprintf(), Chen Gang, 2014/02/03
- Re: [Qemu-devel] [PATCH] hw/9pfs/virtio-9p-local.c: use snprintf() instead of sprintf(),
Daniel P. Berrange <=
- Re: [Qemu-devel] [PATCH] hw/9pfs/virtio-9p-local.c: use snprintf() instead of sprintf(), Chen Gang, 2014/02/03
- Re: [Qemu-devel] [PATCH] hw/9pfs/virtio-9p-local.c: use snprintf() instead of sprintf(), Chen Gang, 2014/02/04
- Re: [Qemu-devel] [PATCH] hw/9pfs/virtio-9p-local.c: use snprintf() instead of sprintf(), Daniel P. Berrange, 2014/02/04
- Re: [Qemu-devel] [PATCH] hw/9pfs/virtio-9p-local.c: use snprintf() instead of sprintf(), Chen Gang, 2014/02/04
- Re: [Qemu-devel] [PATCH] hw/9pfs/virtio-9p-local.c: use snprintf() instead of sprintf(), Aneesh Kumar K.V, 2014/02/04
- Re: [Qemu-devel] [PATCH] hw/9pfs/virtio-9p-local.c: use snprintf() instead of sprintf(), Chen Gang, 2014/02/04
- Re: [Qemu-devel] [PATCH] hw/9pfs/virtio-9p-local.c: use snprintf() instead of sprintf(), Chen Gang, 2014/02/15
- [Qemu-devel] [PATCH] hw/9pfs: use g_strdup_printf() instead of PATH_MAX limitation, Chen Gang, 2014/02/22
- Re: [Qemu-devel] [PATCH] hw/9pfs: use g_strdup_printf() instead of PATH_MAX limitation, Chen Gang, 2014/02/23
- Re: [Qemu-devel] [PATCH] hw/9pfs: use g_strdup_printf() instead of PATH_MAX limitation, Markus Armbruster, 2014/02/24