Message ID | 20220531092540.10151-2-cfontana@suse.de |
---|---|
State | New |
Series | pci: fix overflow in printf string formatting |

On Tue, 31 May 2022 at 10:34, Claudio Fontana <cfontana@suse.de> wrote:
>
> Signed-off-by: Claudio Fontana <cfontana@suse.de>

It would be helpful to note in the commit message how
bad the overflow is, in what situations it can happen,
and how it was detected.

thanks
-- PMM

On 5/31/22 11:47, Peter Maydell wrote:
> On Tue, 31 May 2022 at 10:34, Claudio Fontana <cfontana@suse.de> wrote:
>>
>> Signed-off-by: Claudio Fontana <cfontana@suse.de>
>
> It would be helpful to note in the commit message how
> bad the overflow is, in what situations it can happen,
> and how it was detected.
>
> thanks
> -- PMM

Hi Peter,

sorry I should have linked to this previous message by Dario:

https://lists.gnu.org/archive/html/qemu-devel/2022-05/msg05518.html

It was detected when building QEMU with FORTIFY_SOURCE=3.

Thanks,

Claudio

On 5/31/22 11:55, Claudio Fontana wrote:
> On 5/31/22 11:47, Peter Maydell wrote:
>> On Tue, 31 May 2022 at 10:34, Claudio Fontana <cfontana@suse.de> wrote:
>>>
>>> Signed-off-by: Claudio Fontana <cfontana@suse.de>
>>
>> It would be helpful to note in the commit message how
>> bad the overflow is, in what situations it can happen,
>> and how it was detected.
>>
>> thanks
>> -- PMM
>
> Hi Peter,
>
> sorry I should have linked to this previous message by Dario:
>
> https://lists.gnu.org/archive/html/qemu-devel/2022-05/msg05518.html
>
> It was detected when building QEMU with FORTIFY_SOURCE=3.
>
> Thanks,
>
> Claudio
>
>

Will resend with more explanation in the commit message btw.

diff --git a/hw/pci/pci.c b/hw/pci/pci.c index a9b37f8000..6e7015329c 100644 --- a/hw/pci/pci.c +++ b/hw/pci/pci.c @@ -2640,15 +2640,15 @@ static char *pci_dev_fw_name(DeviceState *dev, char *buf, int len) static char *pcibus_get_fw_dev_path(DeviceState *dev) { PCIDevice *d = (PCIDevice *)dev; - char path[50], name[33]; - int off; - - off = snprintf(path, sizeof(path), "%s@%x", - pci_dev_fw_name(dev, name, sizeof name), - PCI_SLOT(d->devfn)); - if (PCI_FUNC(d->devfn)) - snprintf(path + off, sizeof(path) + off, ",%x", PCI_FUNC(d->devfn)); - return g_strdup(path); + char name[33]; + int has_func = !!PCI_FUNC(d->devfn); + + return g_strdup_printf("%s@%x%s%.*x", + pci_dev_fw_name(dev, name, sizeof(name)), + PCI_SLOT(d->devfn), + has_func ? "," : "", + has_func, + PCI_FUNC(d->devfn)); } static char *pcibus_get_dev_path(DeviceState *dev)
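
Review bot: in the new `g_strdup_printf` call, the `%.*x` conversion with `has_func` as its precision depends on the C rule that a zero value printed with precision 0 produces no characters, which is easy to misread as always printing the function number. A one-line comment above the format string would make that intent explicit, or the call could be split into two on `PCI_FUNC(d->devfn)`, one using `"%s@%x"` and one using `"%s@%x,%x"`. The commit message carries only a Signed-off-by line; it should state that the removed second `snprintf` passed `sizeof(path) + off` as its bound where the space left in `path` is `sizeof(path) - off`.
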
Signed-off-by: Claudio Fontana <cfontana@suse.de>
---
 hw/pci/pci.c | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)