* [Qemu-devel] [PATCH] qdict: fix unbounded stack for qdict_array_entries
@ 2016-03-09 6:03 Peter Xu
2016-03-10 1:36 ` Peter Xu
0 siblings, 1 reply; 4+ messages in thread
From: Peter Xu @ 2016-03-09 6:03 UTC (permalink / raw)
To: qemu-devel; +Cc: pbonzini, peterx
Signed-off-by: Peter Xu <peterx@redhat.com>
---
qobject/qdict.c | 15 ++++++---------
1 file changed, 6 insertions(+), 9 deletions(-)
diff --git a/qobject/qdict.c b/qobject/qdict.c
index 9833bd0..9188a87 100644
--- a/qobject/qdict.c
+++ b/qobject/qdict.c
@@ -704,19 +704,16 @@ int qdict_array_entries(QDict *src, const char *subqdict)
for (i = 0; i < INT_MAX; i++) {
QObject *subqobj;
int subqdict_entries;
- size_t slen = 32 + subqdict_len;
- char indexstr[slen], prefix[slen];
- size_t snprintf_ret;
+ char *prefix = g_strdup_printf("%s%u.", subqdict, i);
- snprintf_ret = snprintf(indexstr, slen, "%s%u", subqdict, i);
- assert(snprintf_ret < slen);
+ subqdict_entries = qdict_count_prefixed_entries(src, prefix);
- subqobj = qdict_get(src, indexstr);
+ /* Remove ending "." */
+ prefix[strlen(prefix) - 1] = 0x00;
+ subqobj = qdict_get(src, prefix);
- snprintf_ret = snprintf(prefix, slen, "%s%u.", subqdict, i);
- assert(snprintf_ret < slen);
+ g_free(prefix);
- subqdict_entries = qdict_count_prefixed_entries(src, prefix);
if (subqdict_entries < 0) {
return subqdict_entries;
}
--
2.4.3
^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: [Qemu-devel] [PATCH] qdict: fix unbounded stack for qdict_array_entries
2016-03-09 6:03 [Qemu-devel] [PATCH] qdict: fix unbounded stack for qdict_array_entries Peter Xu
@ 2016-03-10 1:36 ` Peter Xu
2016-03-21 20:58 ` Eric Blake
0 siblings, 1 reply; 4+ messages in thread
From: Peter Xu @ 2016-03-10 1:36 UTC (permalink / raw)
To: qemu-devel; +Cc: Kevin Wolf, pbonzini, Markus Armbruster
Sorry to forgot CCing Eric/Markus/Kevin.
This patch title is not correct, which should be:
"Fix unbounded stack warning for qdict_array_entries"
Do I need to re-send with the same content?
I'm using g_strdup_printf() here, considering it's most convenient,
safe, and as long as it's called rarely only when quorum device
opens.
Thanks.
Peter
On Wed, Mar 09, 2016 at 02:03:38PM +0800, Peter Xu wrote:
> Signed-off-by: Peter Xu <peterx@redhat.com>
> ---
> qobject/qdict.c | 15 ++++++---------
> 1 file changed, 6 insertions(+), 9 deletions(-)
>
> diff --git a/qobject/qdict.c b/qobject/qdict.c
> index 9833bd0..9188a87 100644
> --- a/qobject/qdict.c
> +++ b/qobject/qdict.c
> @@ -704,19 +704,16 @@ int qdict_array_entries(QDict *src, const char *subqdict)
> for (i = 0; i < INT_MAX; i++) {
> QObject *subqobj;
> int subqdict_entries;
> - size_t slen = 32 + subqdict_len;
> - char indexstr[slen], prefix[slen];
> - size_t snprintf_ret;
> + char *prefix = g_strdup_printf("%s%u.", subqdict, i);
>
> - snprintf_ret = snprintf(indexstr, slen, "%s%u", subqdict, i);
> - assert(snprintf_ret < slen);
> + subqdict_entries = qdict_count_prefixed_entries(src, prefix);
>
> - subqobj = qdict_get(src, indexstr);
> + /* Remove ending "." */
> + prefix[strlen(prefix) - 1] = 0x00;
> + subqobj = qdict_get(src, prefix);
>
> - snprintf_ret = snprintf(prefix, slen, "%s%u.", subqdict, i);
> - assert(snprintf_ret < slen);
> + g_free(prefix);
>
> - subqdict_entries = qdict_count_prefixed_entries(src, prefix);
> if (subqdict_entries < 0) {
> return subqdict_entries;
> }
> --
> 2.4.3
>
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [Qemu-devel] [PATCH] qdict: fix unbounded stack for qdict_array_entries
2016-03-10 1:36 ` Peter Xu
@ 2016-03-21 20:58 ` Eric Blake
2016-03-22 2:25 ` Peter Xu
0 siblings, 1 reply; 4+ messages in thread
From: Eric Blake @ 2016-03-21 20:58 UTC (permalink / raw)
To: Peter Xu, qemu-devel; +Cc: Kevin Wolf, pbonzini, Markus Armbruster
[-- Attachment #1: Type: text/plain, Size: 2354 bytes --]
On 03/09/2016 06:36 PM, Peter Xu wrote:
> Sorry to forgot CCing Eric/Markus/Kevin.
>
> This patch title is not correct, which should be:
>
> "Fix unbounded stack warning for qdict_array_entries"
Keep the 'qdict:' prefix, but yes, adding "warning" helps the commit
message.
>
> Do I need to re-send with the same content?
For just the title adjustment, it's up to the maintainer. Often, a
maintainer will make small changes like that before sending a pull request.
>
> I'm using g_strdup_printf() here, considering it's most convenient,
> safe, and as long as it's called rarely only when quorum device
> opens.
On the other hand, this information might have been useful...
>
> Thanks.
> Peter
>
> On Wed, Mar 09, 2016 at 02:03:38PM +0800, Peter Xu wrote:
>> Signed-off-by: Peter Xu <peterx@redhat.com>
...in the commit body proper (explaining why you are always allocating,
because it is not a hot path). So a v2 might indeed be easier.
>> +++ b/qobject/qdict.c
>> @@ -704,19 +704,16 @@ int qdict_array_entries(QDict *src, const char *subqdict)
>> for (i = 0; i < INT_MAX; i++) {
>> QObject *subqobj;
>> int subqdict_entries;
>> - size_t slen = 32 + subqdict_len;
>> - char indexstr[slen], prefix[slen];
>> - size_t snprintf_ret;
>> + char *prefix = g_strdup_printf("%s%u.", subqdict, i);
If we were worried that this could be a hot path, you could add a %n and
&len here...
>>
>> - snprintf_ret = snprintf(indexstr, slen, "%s%u", subqdict, i);
>> - assert(snprintf_ret < slen);
>> + subqdict_entries = qdict_count_prefixed_entries(src, prefix);
>>
>> - subqobj = qdict_get(src, indexstr);
>> + /* Remove ending "." */
>> + prefix[strlen(prefix) - 1] = 0x00;
...to avoid the strlen() call here. But this is not a hot path, and %n
always makes me worry about security, so I'm fine with your approach.
However, 0x00 is a rather verbose way of writing 0 (and even if you want
verbosity, '\0' is more idiomatic 0x00).
At this point, if you send a v2 with s/0x00/0/ and the improved commit
message, you can also include:
Reviewed-by: Eric Blake <eblake@redhat.com>
--
Eric Blake eblake redhat com +1-919-301-3266
Libvirt virtualization library http://libvirt.org
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 604 bytes --]
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [Qemu-devel] [PATCH] qdict: fix unbounded stack for qdict_array_entries
2016-03-21 20:58 ` Eric Blake
@ 2016-03-22 2:25 ` Peter Xu
0 siblings, 0 replies; 4+ messages in thread
From: Peter Xu @ 2016-03-22 2:25 UTC (permalink / raw)
To: Eric Blake; +Cc: Kevin Wolf, pbonzini, qemu-devel, Markus Armbruster
On Mon, Mar 21, 2016 at 02:58:25PM -0600, Eric Blake wrote:
> On 03/09/2016 06:36 PM, Peter Xu wrote:
> > Sorry to forgot CCing Eric/Markus/Kevin.
> >
> > This patch title is not correct, which should be:
> >
> > "Fix unbounded stack warning for qdict_array_entries"
>
> Keep the 'qdict:' prefix, but yes, adding "warning" helps the commit
> message.
>
> >
> > Do I need to re-send with the same content?
>
> For just the title adjustment, it's up to the maintainer. Often, a
> maintainer will make small changes like that before sending a pull request.
>
> >
> > I'm using g_strdup_printf() here, considering it's most convenient,
> > safe, and as long as it's called rarely only when quorum device
> > opens.
>
> On the other hand, this information might have been useful...
>
> >
> > Thanks.
> > Peter
> >
> > On Wed, Mar 09, 2016 at 02:03:38PM +0800, Peter Xu wrote:
> >> Signed-off-by: Peter Xu <peterx@redhat.com>
>
> ...in the commit body proper (explaining why you are always allocating,
> because it is not a hot path). So a v2 might indeed be easier.
>
> >> +++ b/qobject/qdict.c
> >> @@ -704,19 +704,16 @@ int qdict_array_entries(QDict *src, const char *subqdict)
> >> for (i = 0; i < INT_MAX; i++) {
> >> QObject *subqobj;
> >> int subqdict_entries;
> >> - size_t slen = 32 + subqdict_len;
> >> - char indexstr[slen], prefix[slen];
> >> - size_t snprintf_ret;
> >> + char *prefix = g_strdup_printf("%s%u.", subqdict, i);
>
> If we were worried that this could be a hot path, you could add a %n and
> &len here...
>
> >>
> >> - snprintf_ret = snprintf(indexstr, slen, "%s%u", subqdict, i);
> >> - assert(snprintf_ret < slen);
> >> + subqdict_entries = qdict_count_prefixed_entries(src, prefix);
> >>
> >> - subqobj = qdict_get(src, indexstr);
> >> + /* Remove ending "." */
> >> + prefix[strlen(prefix) - 1] = 0x00;
>
> ...to avoid the strlen() call here. But this is not a hot path, and %n
> always makes me worry about security, so I'm fine with your approach.
>
> However, 0x00 is a rather verbose way of writing 0 (and even if you want
> verbosity, '\0' is more idiomatic 0x00).
>
> At this point, if you send a v2 with s/0x00/0/ and the improved commit
> message, you can also include:
> Reviewed-by: Eric Blake <eblake@redhat.com>
Will respin just like above, and with you r-b. Thanks!
-- peterx
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2016-03-22 2:26 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2016-03-09 6:03 [Qemu-devel] [PATCH] qdict: fix unbounded stack for qdict_array_entries Peter Xu
2016-03-10 1:36 ` Peter Xu
2016-03-21 20:58 ` Eric Blake
2016-03-22 2:25 ` Peter Xu
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.