qemu-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH 2/2] meson: Enable -Wvla

From: Thomas Huth
Subject: Re: [PATCH 2/2] meson: Enable -Wvla
Date: Thu, 25 Jan 2024 20:00:09 +0100
User-agent: Mozilla Thunderbird 
On 25/01/2024 18.32, Peter Maydell wrote:

QEMU has historically used variable length arrays only very rarely.
Variable length arrays are a potential security issue where an
on-stack dynamic allocation isn't correctly size-checked, especially
when the size comes from the guest.  (An example problem of this kind
from the past is CVE-2021-3527).  Forbidding them entirely is a
defensive measure against further bugs of this kind.

Enable -Wvla to prevent any new uses from sneaking into the codebase.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
  meson.build | 1 +
  1 file changed, 1 insertion(+)

diff --git a/meson.build b/meson.build
index d0329966f1b..385b8247073 100644
--- a/meson.build
+++ b/meson.build
@@ -601,6 +601,7 @@ warn_flags = [
    '-Wno-psabi',
    '-Wno-gnu-variable-sized-type-not-at-end',
    '-Wshadow=local',
+  '-Wvla',
  ]
if host_os != 'darwin' 

Reviewed-by: Thomas Huth <thuth@redhat.com>
reply via email to
[Prev in Thread] Current Thread [Next in Thread]