| Message ID | 20240125173211.1786196-3-peter.maydell@linaro.org |
|---|---|
| State | New |
| Headers | show |
| Series | Enable -Wvla, forbidding use of variable length arrays | expand |
On 25/01/2024 18.32, Peter Maydell wrote: > QEMU has historically used variable length arrays only very rarely. > Variable length arrays are a potential security issue where an > on-stack dynamic allocation isn't correctly size-checked, especially > when the size comes from the guest. (An example problem of this kind > from the past is CVE-2021-3527). Forbidding them entirely is a > defensive measure against further bugs of this kind. > > Enable -Wvla to prevent any new uses from sneaking into the codebase. > > Signed-off-by: Peter Maydell <peter.maydell@linaro.org> > --- > meson.build | 1 + > 1 file changed, 1 insertion(+) > > diff --git a/meson.build b/meson.build > index d0329966f1b..385b8247073 100644 > --- a/meson.build > +++ b/meson.build > @@ -601,6 +601,7 @@ warn_flags = [ > '-Wno-psabi', > '-Wno-gnu-variable-sized-type-not-at-end', > '-Wshadow=local', > + '-Wvla', > ] > > if host_os != 'darwin' Reviewed-by: Thomas Huth <thuth@redhat.com>
On Thu, Jan 25, 2024 at 05:32:11PM +0000, Peter Maydell wrote: > Date: Thu, 25 Jan 2024 17:32:11 +0000 > From: Peter Maydell <peter.maydell@linaro.org> > Subject: [PATCH 2/2] meson: Enable -Wvla > X-Mailer: git-send-email 2.34.1 > > QEMU has historically used variable length arrays only very rarely. > Variable length arrays are a potential security issue where an > on-stack dynamic allocation isn't correctly size-checked, especially > when the size comes from the guest. (An example problem of this kind > from the past is CVE-2021-3527). Forbidding them entirely is a > defensive measure against further bugs of this kind. > > Enable -Wvla to prevent any new uses from sneaking into the codebase. > > Signed-off-by: Peter Maydell <peter.maydell@linaro.org> > --- > meson.build | 1 + > 1 file changed, 1 insertion(+) Reviewed-by: Zhao Liu <zhao1.liu@intel.com> > > diff --git a/meson.build b/meson.build > index d0329966f1b..385b8247073 100644 > --- a/meson.build > +++ b/meson.build > @@ -601,6 +601,7 @@ warn_flags = [ > '-Wno-psabi', > '-Wno-gnu-variable-sized-type-not-at-end', > '-Wshadow=local', > + '-Wvla', > ] > > if host_os != 'darwin' > -- > 2.34.1 > >
diff --git a/meson.build b/meson.build index d0329966f1b..385b8247073 100644 --- a/meson.build +++ b/meson.build @@ -601,6 +601,7 @@ warn_flags = [ '-Wno-psabi', '-Wno-gnu-variable-sized-type-not-at-end', '-Wshadow=local', + '-Wvla', ] if host_os != 'darwin'
QEMU has historically used variable length arrays only very rarely. Variable length arrays are a potential security issue where an on-stack dynamic allocation isn't correctly size-checked, especially when the size comes from the guest. (An example problem of this kind from the past is CVE-2021-3527). Forbidding them entirely is a defensive measure against further bugs of this kind. Enable -Wvla to prevent any new uses from sneaking into the codebase. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> --- meson.build | 1 + 1 file changed, 1 insertion(+)