qemu-s390x

Re: [PATCH 1/2] misc: Replace zero-length arrays with flexible array mem


From: Philippe Mathieu-Daudé
Subject: Re: [PATCH 1/2] misc: Replace zero-length arrays with flexible array member (automatic)
Date: Wed, 4 Mar 2020 15:12:36 +0100
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.4.1

On 3/4/20 2:44 PM, Paolo Bonzini wrote:
On 04/03/20 14:12, Philippe Mathieu-Daudé wrote:

hw/scsi/spapr_vscsi.c:69:29: error: field 'iu' with variable sized type
'union viosrp_iu' not at the end of a struct or class is a GNU extension
[-Werror,-Wgnu-variable-sized-type-not-at-end]
     union viosrp_iu         iu;
                             ^

Yay we found a bug! Thanks Gustavo :)

union srp_iu {
     struct srp_login_req login_req;
     struct srp_login_rsp login_rsp;
     struct srp_login_rej login_rej;
     struct srp_i_logout i_logout;
     struct srp_t_logout t_logout;
     struct srp_tsk_mgmt tsk_mgmt;
     struct srp_cmd cmd;
     struct srp_rsp rsp;
     uint8_t reserved[SRP_MAX_IU_LEN];
};

It's variable-sized but it's okay as long as the total size doesn't
exceed SRP_MAX_IU_LEN.  So it's not a bug, but I agree it's a time bomb.
Moving the field last should work, but it would still be quite
dangerous code.

Yeah I reached the same conclusion.

I'll send a fix for the dangerous code.
Do you want to drop this series, or only the change in 'struct srp_rsp' (or in all hw/scsi/srp.h). Actually I guess it makes sense I move the 'hw/scsi/srp.h' changes with the series cleaning dangerous code.
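
The condition discussed in the message above (the union is safe only while nothing grows past SRP_MAX_IU_LEN), as an added C example that is not QEMU's code and not part of the thread. `struct rsp_like`, `union iu_like`, `IU_MAX_LEN` (a constructed value) and both helper functions are hypothetical stand-ins for the real SRP definitions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define IU_MAX_LEN 64 /* constructed stand-in for SRP_MAX_IU_LEN */

/* Hypothetical, simplified response: fixed header, then a flexible array. */
struct rsp_like {
    uint32_t data_len;
    uint8_t data[];
};

/* Same shape as union srp_iu: only reserved[] gives the union its size. */
union iu_like {
    struct rsp_like rsp;
    uint8_t reserved[IU_MAX_LEN];
};

/* Build-time form of "total size doesn't exceed the maximum IU length". */
_Static_assert(sizeof(struct rsp_like) <= IU_MAX_LEN, "rsp header too big");
_Static_assert(sizeof(union iu_like) == IU_MAX_LEN, "a member outgrew reserved[]");

/* Bytes of rsp.data[] that are actually backed by the union's storage. */
static size_t iu_rsp_capacity(void)
{
    return sizeof(union iu_like) - offsetof(struct rsp_like, data);
}

/* Copy len bytes into rsp.data[]; return -1 instead of writing past the union. */
static int iu_set_rsp_data(union iu_like *iu, const void *src, size_t len)
{
    if (len > iu_rsp_capacity())
        return -1;
    iu->rsp.data_len = (uint32_t)len;
    memcpy(iu->rsp.data, src, len);
    return 0;
}

int main(void)
{
    union iu_like iu;
    uint8_t payload[IU_MAX_LEN] = {0xAA};

    printf("capacity: %zu\n", iu_rsp_capacity());
    printf("fits:     %d\n", iu_set_rsp_data(&iu, payload, iu_rsp_capacity()));
    printf("too long: %d\n", iu_set_rsp_data(&iu, payload, iu_rsp_capacity() + 1));
    return 0;
}
```

The second static assertion stops the build if any member's fixed part grows beyond `reserved[]`, and the length check covers the variable-sized tail that no compile-time check can see.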



