Re: [PATCH 3/3] ui/vnc-enc-tight: Avoid dynamic stack allocation

qemu-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH 3/3] ui/vnc-enc-tight: Avoid dynamic stack allocation

From:	Francisco Iglesias
Subject:	Re: [PATCH 3/3] ui/vnc-enc-tight: Avoid dynamic stack allocation
Date:	Mon, 21 Aug 2023 09:26:14 +0200
User-agent:	Mutt/1.10.1 (2018-07-13)

On [2023 Aug 18] Fri 16:10:57, Peter Maydell wrote:
> From: Philippe Mathieu-Daudé <philmd@redhat.com>
> 
> Use autofree heap allocation instead of variable-length
> array on the stack.
> 
> The codebase has very few VLAs, and if we can get rid of them all we
> can make the compiler error on new additions.  This is a defensive
> measure against security bugs where an on-stack dynamic allocation
> isn't correctly size-checked (e.g.  CVE-2021-3527).
> 
> Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
> [PMM: expanded commit message]
> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

Reviewed-by: Francisco Iglesias <frasse.iglesias@gmail.com>

> ---
>  ui/vnc-enc-tight.c | 11 ++++++-----
>  1 file changed, 6 insertions(+), 5 deletions(-)
> 
> diff --git a/ui/vnc-enc-tight.c b/ui/vnc-enc-tight.c
> index ee853dcfcb8..41f559eb837 100644
> --- a/ui/vnc-enc-tight.c
> +++ b/ui/vnc-enc-tight.c
> @@ -1097,13 +1097,13 @@ static int send_palette_rect(VncState *vs, int x, int 
> y,
>      switch (vs->client_pf.bytes_per_pixel) {
>      case 4:
>      {
> -        size_t old_offset, offset;
> -        uint32_t header[palette_size(palette)];
> +        size_t old_offset, offset, palette_sz = palette_size(palette);
> +        g_autofree uint32_t *header = g_new(uint32_t, palette_sz);
>          struct palette_cb_priv priv = { vs, (uint8_t *)header };
>  
>          old_offset = vs->output.offset;
>          palette_iter(palette, write_palette, &priv);
> -        vnc_write(vs, header, sizeof(header));
> +        vnc_write(vs, header, palette_sz * sizeof(uint32_t));
>  
>          if (vs->tight->pixel24) {
>              tight_pack24(vs, vs->output.buffer + old_offset, colors, 
> &offset);
> @@ -1115,11 +1115,12 @@ static int send_palette_rect(VncState *vs, int x, int 
> y,
>      }
>      case 2:
>      {
> -        uint16_t header[palette_size(palette)];
> +        size_t palette_sz = palette_size(palette);
> +        g_autofree uint16_t *header = g_new(uint16_t, palette_sz);
>          struct palette_cb_priv priv = { vs, (uint8_t *)header };
>  
>          palette_iter(palette, write_palette, &priv);
> -        vnc_write(vs, header, sizeof(header));
> +        vnc_write(vs, header, palette_sz * sizeof(uint16_t));
>          tight_encode_indexed_rect16(vs->tight->tight.buffer, w * h, palette);
>          break;
>      }
> -- 
> 2.34.1
> 
>

[Prev in Thread]

Current Thread

[Next in Thread]

[PATCH 0/3] ui: avoid dynamic stack allocations, Peter Maydell, 2023/08/18
- [PATCH 1/3] ui/spice-display: Avoid dynamic stack allocation, Peter Maydell, 2023/08/18
  - Re: [PATCH 1/3] ui/spice-display: Avoid dynamic stack allocation, Philippe Mathieu-Daudé, 2023/08/18
- [PATCH 2/3] ui/vnc-enc-hextile: Use static rather than dynamic length stack array, Peter Maydell, 2023/08/18
  - Re: [PATCH 2/3] ui/vnc-enc-hextile: Use static rather than dynamic length stack array, Philippe Mathieu-Daudé, 2023/08/18
  - Re: [PATCH 2/3] ui/vnc-enc-hextile: Use static rather than dynamic length stack array, Marc-André Lureau, 2023/08/21
- [PATCH 3/3] ui/vnc-enc-tight: Avoid dynamic stack allocation, Peter Maydell, 2023/08/18
  - Re: [PATCH 3/3] ui/vnc-enc-tight: Avoid dynamic stack allocation, Francisco Iglesias <=

Prev by Date: Re: [PATCH v2 19/23] tcg/i386: Merge tcg_out_movcond{32,64}
Next by Date: Re: [PATCH 02/21] preallocate: Factor out preallocate_truncate_to_real_size()
Previous by thread: [PATCH 3/3] ui/vnc-enc-tight: Avoid dynamic stack allocation
Next by thread: Re: [PATCH v3 2/8] vdpa: Use iovec for vhost_vdpa_net_cvq_add()
Index(es):
- Date
- Thread