| commit | b3c8246750b7077add335559341268f2956f6470 | |
| author | Peter Maydell <peter.maydell@linaro.org> | |
| Fri, 11 Aug 2023 17:47:51 +0000 (11 18:47 +0100) | ||
| committer | Klaus Jensen <k.jensen@samsung.com> | |
| Tue, 12 Sep 2023 14:17:05 +0000 (12 16:17 +0200) | ||
| tree | aca3f1feb22c308363c470f23646b4504570e9c3 | treesnapshot (tar.gz zip) |
| parent | b02c2a85a6c8e5ecc1bfca1ef794b5897c9ebad3 | commitdiff |
hw/nvme: Avoid dynamic stack allocation
Instead of using a variable-length array in nvme_map_prp(),
allocate on the stack with a g_autofree pointer.
The codebase has very few VLAs, and if we can get rid of them all we
can make the compiler error on new additions. This is a defensive
measure against security bugs where an on-stack dynamic allocation
isn't correctly size-checked (e.g. CVE-2021-3527).
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Klaus Jensen <k.jensen@samsung.com>
Instead of using a variable-length array in nvme_map_prp(),
allocate on the stack with a g_autofree pointer.
The codebase has very few VLAs, and if we can get rid of them all we
can make the compiler error on new additions. This is a defensive
measure against security bugs where an on-stack dynamic allocation
isn't correctly size-checked (e.g. CVE-2021-3527).
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Klaus Jensen <k.jensen@samsung.com>
| hw/nvme/ctrl.c | diffblobblamehistory |