Re: [Qemu-devel] [PATCH 8/8] hw/i386: fix unbounded stack for load_multiboot

From: Peter Xu
Subject: Re: [Qemu-devel] [PATCH 8/8] hw/i386: fix unbounded stack for load_multiboot
Date: Wed, 9 Mar 2016 13:39:00 +0800
User-agent: Mutt/1.5.24 (2015-08-30)
On Tue, Mar 08, 2016 at 01:29:21PM +0100, Paolo Bonzini wrote:
>
>
> On 08/03/2016 08:00, Peter Xu wrote:
> > @@ -159,6 +159,12 @@ int load_multiboot(FWCfgState *fw_cfg,
> > uint8_t *mb_bootinfo_data;
> > uint32_t cmdline_len;
> >
> > +#define __KERN_FNAME_LEN (1024)
> > +#define __KERN_CMDLINE_LEN (4096)
> > +
> > + assert(strlen(kernel_filename) + 1 >= __KERN_FNAME_LEN);
> > + assert(strlen(kernel_cmdline) + 1 >= __KERN_CMDLINE_LEN);
> > +
> > /* Ok, let's see if it is a multiboot image.
> > The header is 12x32bit long, so the latest entry may be 8192 - 48.
> > */
> > for (i = 0; i < (8192 - 48); i += 4) {
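Review bot: both assert() comparisons in this hunk are inverted. `assert(strlen(kernel_filename) + 1 >= __KERN_FNAME_LEN)` fires for every filename shorter than 1023 bytes, i.e. the normal case, and only passes for inputs long enough to overflow the fixed buffer; the intended check is `strlen(kernel_filename) + 1 <= __KERN_FNAME_LEN`, and likewise `<= __KERN_CMDLINE_LEN` for kernel_cmdline. Even with the direction fixed, an assert() on the length of user-supplied kernel_filename / kernel_cmdline aborts QEMU instead of reporting an error, which is the wrong failure mode for operator input. Separately, identifiers beginning with a double underscore are reserved in C; if the constants stay, drop the leading underscores.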
> > @@ -324,7 +330,7 @@ int load_multiboot(FWCfgState *fw_cfg,
> > }
> >
> > /* Commandline support */
> > - char kcmdline[strlen(kernel_filename) + strlen(kernel_cmdline) + 2];
> > + char kcmdline[__KERN_FNAME_LEN + __KERN_CMDLINE_LEN];
> > snprintf(kcmdline, sizeof(kcmdline), "%s %s",
> > kernel_filename, kernel_cmdline);
> > stl_p(bootinfo + MBI_CMDLINE, mb_add_cmdline(&mbs, kcmdline));
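Review bot: `char kcmdline[__KERN_FNAME_LEN + __KERN_CMDLINE_LEN];` still places a 5120-byte array on the stack, so the unbounded VLA is traded for a large fixed frame, and if the length checks above were ever wrong the snprintf() would silently truncate the command line rather than fail. Building the string on the heap avoids both problems and removes the need for the length macros entirely: `char *kcmdline = g_strdup_printf("%s %s", kernel_filename, kernel_cmdline);` before the mb_add_cmdline() call, and `g_free(kcmdline);` once mb_add_cmdline() has returned.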
> > @@ -370,4 +376,6 @@ int load_multiboot(FWCfgState *fw_cfg,
> > nb_option_roms++;
> >
> > return 1; /* yes, we are multiboot */
> > +#undef __KERN_FNAME_LEN
> > +#undef __KERN_CMDLINE_LEN
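Review bot: the two `#undef` lines sit after `return 1;`, which the preprocessor accepts but which reads as unreachable code, and a `#define`/`#undef` pair scoped to one function body is unusual in this tree. If fixed limits are kept at all they belong at file scope near the other constants in the file; if the buffer moves to the heap as suggested below, this hunk goes away.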
>
> Just put it in the heap using g_strdup_printf.
Will fix and send standalone again. Thanks.
Peter
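The heap-allocated alternative Paolo suggests, and the length check the patch tried to write with assert(), as an added example that is not part of the patch, the thread, or QEMU's own code. It assumes a plain-C stand-in for GLib's g_strdup_printf() (malloc plus a two-pass snprintf, freed with free() instead of g_free()) so it builds without GLib; the function names build_kcmdline() and fits_fixed_buffer() and the sample strings are constructed for this example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/*
 * Build "<kernel_filename> <kernel_cmdline>" on the heap, the shape the
 * g_strdup_printf() suggestion takes.  This is a plain-C stand-in for
 * GLib (assumption: same result string; caller releases it with free()).
 * Because the size comes from snprintf() itself, no fixed limit and no
 * stack VLA sized by user-controlled input are needed.
 */
static char *build_kcmdline(const char *kernel_filename,
                            const char *kernel_cmdline)
{
    /* Assumption for the example: a missing command line means "". */
    if (kernel_cmdline == NULL) {
        kernel_cmdline = "";
    }

    /* First pass: ask snprintf() how many bytes the result needs. */
    int needed = snprintf(NULL, 0, "%s %s", kernel_filename, kernel_cmdline);
    if (needed < 0) {
        return NULL;
    }

    char *buf = malloc((size_t)needed + 1);   /* +1 for the terminating NUL */
    if (buf == NULL) {
        return NULL;
    }

    /* Second pass: format into a buffer that is exactly large enough. */
    snprintf(buf, (size_t)needed + 1, "%s %s", kernel_filename, kernel_cmdline);
    return buf;
}

/*
 * The check the patch's assert() was meant to express: does a string of
 * len bytes (not counting the NUL) fit in a buffer of cap bytes?
 * Note the direction: len + 1 <= cap, not >= as written in the hunk.
 */
static int fits_fixed_buffer(size_t len, size_t cap)
{
    return len + 1 <= cap;
}

int main(void)
{
    /* Constructed sample inputs, not taken from any real guest. */
    char *s = build_kcmdline("vmlinuz", "root=/dev/sda1 console=ttyS0");
    if (s == NULL) {
        return 1;
    }
    printf("%s\n", s);
    free(s);

    /* A 6000-byte command line: a 5120-byte stack buffer cannot hold it,
     * while the heap build simply grows to fit. */
    char *big = malloc(6001);
    if (big == NULL) {
        return 1;
    }
    memset(big, 'x', 6000);
    big[6000] = '\0';
    printf("fits a 5120-byte buffer: %d\n",
           fits_fixed_buffer(strlen("vmlinuz") + 1 + strlen(big), 5120));
    s = build_kcmdline("vmlinuz", big);
    if (s != NULL) {
        printf("heap-built length: %zu\n", strlen(s));
        free(s);
    }
    free(big);
    return 0;
}
```

The two-pass snprintf() is the portable way to size the allocation; in QEMU proper the same is one call to g_strdup_printf(), with g_free() after mb_add_cmdline() has consumed the string.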