|
From: | Eric Blake |
Subject: | Re: [Qemu-ppc] [Qemu-devel] [PATCH for-4.0 0/9] ppc: get rid of g_malloc(sizeof(T) * n) |
Date: | Tue, 27 Nov 2018 07:16:44 -0600 |
User-agent: | Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.3.0 |
On 11/27/18 7:04 AM, Greg Kurz wrote:
As explained in HACKING, the g_malloc(sizeof(T) * n) construct is unsafe because it can't detect multiplication overflowing size_t and doesn't allow type checking. It appears to be used in a bunch of places though: $ git grep -E 'malloc.*sizeof' | grep ' \* ' | wc -l 101 This series fixes the ppc target and ppc machine code. The changes are mostly trivial. Only the mac99 and e500 machines required some more work that should be reviewed carefully, as it was only compile-tested.
Did you do this all manually, or did you try to use Coccinelle? Hmm - we have a Coccinelle script for this mentioned in commit b45c03f (most recently reused in bdd81add) - but it is not yet in scripts/coccinelle/. Maybe that would be worth doing now.
-- Eric Blake, Principal Software Engineer Red Hat, Inc. +1-919-301-3266 Virtualization: qemu.org | libvirt.org
[Prev in Thread] | Current Thread | [Next in Thread] |