Re: [Qemu-devel] [PATCH 5/8] usb: fix unbounded stack for inotify_watchf
From: Paolo Bonzini
Subject: Re: [Qemu-devel] [PATCH 5/8] usb: fix unbounded stack for inotify_watchfn
Date: Tue, 8 Mar 2016 13:22:19 +0100
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.6.0

On 08/03/2016 08:00, Peter Xu wrote:
> Suggested-by: Paolo Bonzini <address@hidden>
> CC: Gerd Hoffmann <address@hidden>
> Signed-off-by: Peter Xu <address@hidden>
> ---
> hw/usb/dev-mtp.c | 7 ++++---
> 1 file changed, 4 insertions(+), 3 deletions(-)
>
> diff --git a/hw/usb/dev-mtp.c b/hw/usb/dev-mtp.c
> index 7391783..e6dae2f 100644
> --- a/hw/usb/dev-mtp.c
> +++ b/hw/usb/dev-mtp.c
> @@ -432,13 +432,13 @@ static void inotify_watchfn(void *arg)
> {
> MTPState *s = arg;
> ssize_t bytes;
> +#define __BUF_LEN (sizeof(struct inotify_event) + NAME_MAX + 1)
> /* From the man page: atleast one event can be read */
> - int len = sizeof(struct inotify_event) + NAME_MAX + 1;
> int pos;
> - char buf[len];
> + char buf[__BUF_LEN];
>
> for (;;) {
> - bytes = read(s->inotifyfd, buf, len);
> + bytes = read(s->inotifyfd, buf, __BUF_LEN);
Again, here you can use ARRAY_SIZE(buf) and avoid the macro.
Paolo
> pos = 0;
>
> if (bytes <= 0) {
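Review bot: the macro name __BUF_LEN on the added #define line starts with two underscores, which C reserves for the implementation, and the macro is defined in the middle of the function's declarations only to give the array a constant size. Sizing the array directly, char buf[sizeof(struct inotify_event) + NAME_MAX + 1];, and passing sizeof(buf) to read() keeps the buffer fixed-size with a single definition of the length, so the read() bound cannot drift from the array size. The context comment could also have "atleast" corrected to "at least" while this block is being touched.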
> @@ -534,6 +534,7 @@ static void inotify_watchfn(void *arg)
> }
> }
> }
> +#undef __BUF_LEN
> }
>
> static int usb_mtp_inotify_init(MTPState *s)
>
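Review bot: the #undef __BUF_LEN added before the closing brace of inotify_watchfn() exists only to scope the macro from the first hunk, and it sits roughly a hundred lines away from its #define (hunks at 432 and 534), so a later edit can easily move or drop one half of the pair. If the array is sized directly and read() is bounded by sizeof(buf), this line and the #define both go away.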