[PULL 23/30] audio/jackaudio: Avoid dynamic stack allocation in qjack_cl
From: Peter Maydell
Subject: [PULL 23/30] audio/jackaudio: Avoid dynamic stack allocation in qjack_client_init
Date: Thu, 21 Sep 2023 18:37:13 +0100
Avoid a dynamic stack allocation in qjack_client_init(), by using
a g_autofree heap allocation instead.
(We stick with allocate + snprintf() because the JACK API requires
the name to be no more than its maximum size, so g_strdup_printf()
would require an extra truncation step.)
The codebase has very few VLAs, and if we can get rid of them all we
can make the compiler error on new additions. This is a defensive
measure against security bugs where an on-stack dynamic allocation
isn't correctly size-checked (e.g. CVE-2021-3527).
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Francisco Iglesias <frasse.iglesias@gmail.com>
Reviewed-by: Christian Schoenebeck <qemu_oss@crudebyte.com>
Message-id: 20230818155846.1651287-2-peter.maydell@linaro.org
---
audio/jackaudio.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/audio/jackaudio.c b/audio/jackaudio.c
index 5bdf3d7a78d..7cb2a49f971 100644
--- a/audio/jackaudio.c
+++ b/audio/jackaudio.c
@@ -400,7 +400,8 @@ static void qjack_client_connect_ports(QJackClient *c)
static int qjack_client_init(QJackClient *c)
{
jack_status_t status;
- char client_name[jack_client_name_size()];
+ int client_name_len = jack_client_name_size(); /* includes NUL */
+ g_autofree char *client_name = g_new(char, client_name_len);
jack_options_t options = JackNullOption;
if (c->state == QJACK_STATE_RUNNING) {
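Review bot: client_name_len is a signed int that goes straight into g_new() as the element count in the two added declarations, and nothing checks that jack_client_name_size() returned a positive value before the conversion to an unsigned size. Consider asserting client_name_len > 0 ahead of the allocation, or storing the checked value in a size_t, so the size handed to g_new() here and to snprintf() later is known to be valid. As a smaller point, the buffer is allocated at declaration, before the c->state == QJACK_STATE_RUNNING test; if that branch leaves the function, the allocation is made and freed without being used, and it could move below the check.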
@@ -409,7 +410,7 @@ static int qjack_client_init(QJackClient *c)
c->connect_ports = true;
- snprintf(client_name, sizeof(client_name), "%s-%s",
+ snprintf(client_name, client_name_len, "%s-%s",
c->out ? "out" : "in",
c->opt->client_name ? c->opt->client_name : audio_application_name());
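Review bot: the snprintf() return value is still discarded in this call, so a name longer than client_name_len - 1 characters is cut short without any indication. The commit message says truncation is the intended way to meet the JACK name limit, but the code does not; a short comment at the call site, or a warning when the return value is >= client_name_len, would stop the silent truncation from reading as an oversight and would tell the user why the JACK client name differs from the one configured.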
--
2.34.1