[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] [PATCH 5/8] usb: fix unbounded stack for inotify_watchf
From: |
Peter Maydell |
Subject: |
Re: [Qemu-devel] [PATCH 5/8] usb: fix unbounded stack for inotify_watchfn |
Date: |
Tue, 8 Mar 2016 14:20:47 +0700 |
On 8 March 2016 at 14:00, Peter Xu <address@hidden> wrote:
> Suggested-by: Paolo Bonzini <address@hidden>
> CC: Gerd Hoffmann <address@hidden>
> Signed-off-by: Peter Xu <address@hidden>
> ---
> hw/usb/dev-mtp.c | 7 ++++---
> 1 file changed, 4 insertions(+), 3 deletions(-)
>
> diff --git a/hw/usb/dev-mtp.c b/hw/usb/dev-mtp.c
> index 7391783..e6dae2f 100644
> --- a/hw/usb/dev-mtp.c
> +++ b/hw/usb/dev-mtp.c
> @@ -432,13 +432,13 @@ static void inotify_watchfn(void *arg)
> {
> MTPState *s = arg;
> ssize_t bytes;
> +#define __BUF_LEN (sizeof(struct inotify_event) + NAME_MAX + 1)
> /* From the man page: atleast one event can be read */
> - int len = sizeof(struct inotify_event) + NAME_MAX + 1;
> int pos;
> - char buf[len];
> + char buf[__BUF_LEN];
The commit message subject says this is fixing an unbounded
stack usage, but (a) this array wasn't unbounded in size
(b) the change doesn't change the size we allocate.
What are you trying to do here?
thanks
-- PMM
- Re: [Qemu-devel] [PATCH 4/8] usb: fix unbounded stack for xhci_dma_write_u32s, (continued)
- Re: [Qemu-devel] [PATCH 4/8] usb: fix unbounded stack for xhci_dma_write_u32s, Paolo Bonzini, 2016/03/08
- Re: [Qemu-devel] [PATCH 4/8] usb: fix unbounded stack for xhci_dma_write_u32s, Peter Xu, 2016/03/09
- Re: [Qemu-devel] [PATCH 4/8] usb: fix unbounded stack for xhci_dma_write_u32s, Paolo Bonzini, 2016/03/09
- Re: [Qemu-devel] [PATCH 4/8] usb: fix unbounded stack for xhci_dma_write_u32s, Peter Xu, 2016/03/09
- Re: [Qemu-devel] [PATCH 4/8] usb: fix unbounded stack for xhci_dma_write_u32s, Markus Armbruster, 2016/03/09
- Re: [Qemu-devel] [PATCH 4/8] usb: fix unbounded stack for xhci_dma_write_u32s, Peter Xu, 2016/03/09
- Re: [Qemu-devel] [PATCH 4/8] usb: fix unbounded stack for xhci_dma_write_u32s, Markus Armbruster, 2016/03/09
- Re: [Qemu-devel] [PATCH 4/8] usb: fix unbounded stack for xhci_dma_write_u32s, Paolo Bonzini, 2016/03/09
- Re: [Qemu-devel] [PATCH 4/8] usb: fix unbounded stack for xhci_dma_write_u32s, Peter Xu, 2016/03/09
[Qemu-devel] [PATCH 5/8] usb: fix unbounded stack for inotify_watchfn, Peter Xu, 2016/03/08
- Re: [Qemu-devel] [PATCH 5/8] usb: fix unbounded stack for inotify_watchfn,
Peter Maydell <=
Re: [Qemu-devel] [PATCH 5/8] usb: fix unbounded stack for inotify_watchfn, Paolo Bonzini, 2016/03/08
[Qemu-devel] [PATCH 6/8] usb: fix unbounded stack for usb_mtp_add_str, Peter Xu, 2016/03/08
[Qemu-devel] [PATCH 7/8] migration: fix unbounded stack for source_return_path_thread, Peter Xu, 2016/03/08