[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Qemu-ppc] [PULL 06/40] spapr_drc: use g_strdup_printf() instead of snpr
From: |
David Gibson |
Subject: |
[Qemu-ppc] [PULL 06/40] spapr_drc: use g_strdup_printf() instead of snprintf() |
Date: |
Fri, 8 Sep 2017 20:35:24 +1000 |
From: Greg Kurz <address@hidden>
Passing a stack allocated buffer of arbitrary length to snprintf()
without checking the return value can cause the resultant strings
to be silently truncated.
Signed-off-by: Greg Kurz <address@hidden>
Signed-off-by: David Gibson <address@hidden>
---
hw/ppc/spapr_drc.c | 15 +++++++++------
1 file changed, 9 insertions(+), 6 deletions(-)
diff --git a/hw/ppc/spapr_drc.c b/hw/ppc/spapr_drc.c
index 85c999d9cb..644a6fffaf 100644
--- a/hw/ppc/spapr_drc.c
+++ b/hw/ppc/spapr_drc.c
@@ -492,7 +492,7 @@ static void realize(DeviceState *d, Error **errp)
{
sPAPRDRConnector *drc = SPAPR_DR_CONNECTOR(d);
Object *root_container;
- char link_name[256];
+ gchar *link_name;
gchar *child_name;
Error *err = NULL;
@@ -505,12 +505,13 @@ static void realize(DeviceState *d, Error **errp)
* existing in the composition tree
*/
root_container = container_get(object_get_root(), DRC_CONTAINER_PATH);
- snprintf(link_name, sizeof(link_name), "%x", spapr_drc_index(drc));
+ link_name = g_strdup_printf("%x", spapr_drc_index(drc));
child_name = object_get_canonical_path_component(OBJECT(drc));
trace_spapr_drc_realize_child(spapr_drc_index(drc), child_name);
object_property_add_alias(root_container, link_name,
drc->owner, child_name, &err);
g_free(child_name);
+ g_free(link_name);
if (err) {
error_propagate(errp, err);
return;
@@ -525,14 +526,15 @@ static void unrealize(DeviceState *d, Error **errp)
{
sPAPRDRConnector *drc = SPAPR_DR_CONNECTOR(d);
Object *root_container;
- char name[256];
+ gchar *name;
trace_spapr_drc_unrealize(spapr_drc_index(drc));
qemu_unregister_reset(drc_reset, drc);
vmstate_unregister(DEVICE(drc), &vmstate_spapr_drc, drc);
root_container = container_get(object_get_root(), DRC_CONTAINER_PATH);
- snprintf(name, sizeof(name), "%x", spapr_drc_index(drc));
+ name = g_strdup_printf("%x", spapr_drc_index(drc));
object_property_del(root_container, name, errp);
+ g_free(name);
}
sPAPRDRConnector *spapr_dr_connector_new(Object *owner, const char *type,
@@ -730,10 +732,11 @@ static const TypeInfo spapr_drc_lmb_info = {
sPAPRDRConnector *spapr_drc_by_index(uint32_t index)
{
Object *obj;
- char name[256];
+ gchar *name;
- snprintf(name, sizeof(name), "%s/%x", DRC_CONTAINER_PATH, index);
+ name = g_strdup_printf("%s/%x", DRC_CONTAINER_PATH, index);
obj = object_resolve_path(name, NULL);
+ g_free(name);
return !obj ? NULL : SPAPR_DR_CONNECTOR(obj);
}
--
2.13.5
- Re: [Qemu-ppc] [PULL 02/40] hw/ppc: clear pending_events on machine reset, (continued)
- [Qemu-ppc] [PULL 12/40] spapr_iommu: unregister vmstate at unrealize time, David Gibson, 2017/09/08
- [Qemu-ppc] [PULL 08/40] spapr_pci: parent the MSI memory region to the PHB, David Gibson, 2017/09/08
- [Qemu-ppc] [PULL 10/40] spapr_drc: pass object ownership to parent/owner, David Gibson, 2017/09/08
- [Qemu-ppc] [PULL 05/40] spapr_iommu: use g_strdup_printf() instead of snprintf(), David Gibson, 2017/09/08
- [Qemu-ppc] [PULL 09/40] spapr_drc: add unrealize method to physical DRC class, David Gibson, 2017/09/08
- [Qemu-ppc] [PULL 01/40] hw/ppc/spapr_drc.c: change spapr_drc_needed to use drc->dev, David Gibson, 2017/09/08
- [Qemu-ppc] [PULL 14/40] e500: Use cpu_index instead of vcpu_dt_id, David Gibson, 2017/09/08
- [Qemu-ppc] [PULL 17/40] booke206: fix booke206_tlbnps for mav 2.0, David Gibson, 2017/09/08
- [Qemu-ppc] [PULL 18/40] booke206: fix tlbnps for fixed size TLB, David Gibson, 2017/09/08
- [Qemu-ppc] [PULL 06/40] spapr_drc: use g_strdup_printf() instead of snprintf(),
David Gibson <=
- [Qemu-ppc] [PULL 20/40] ppc64: introduce e6500, David Gibson, 2017/09/08
- [Qemu-ppc] [PULL 19/40] booke206: allow to specify an mmucfg value at the init, David Gibson, 2017/09/08
- [Qemu-ppc] [PULL 15/40] ppc: spapr: Rename cpu_dt_id to vcpu_id, David Gibson, 2017/09/08
- [Qemu-ppc] [PULL 21/40] spapr_iommu: Realloc guest visible TCE table when hot(un)plugging vfio-pci, David Gibson, 2017/09/08
- [Qemu-ppc] [PULL 16/40] ppc: spapr: Make VCPU ID handling private to SPAPR, David Gibson, 2017/09/08
- [Qemu-ppc] [PULL 23/40] ppc4xx: Make MAL emulation more generic, David Gibson, 2017/09/08
- [Qemu-ppc] [PULL 13/40] spapr: add pseries-2.11 machine type, David Gibson, 2017/09/08
- [Qemu-ppc] [PULL 29/40] hw/nvram/spapr_nvram: Device can not be created by the users, David Gibson, 2017/09/08
- [Qemu-ppc] [PULL 27/40] ppc4xx: Export ECB and PLB emulation, David Gibson, 2017/09/08
- [Qemu-ppc] [PULL 28/40] hw/ppc/spapr_cpu_core: Add a proper check for spapr machine, David Gibson, 2017/09/08