From patchwork Fri Aug 11 17:52:29 2023
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Patchwork-Submitter: Peter Maydell <peter.maydell@linaro.org>
X-Patchwork-Id: 712619
Delivered-To: patch@linaro.org
Received: by 2002:ab3:63ce:0:b0:238:c968:2573 with SMTP id m14csp12864ltf;
 Fri, 11 Aug 2023 10:52:57 -0700 (PDT)
X-Google-Smtp-Source: AGHT+IGHhrbAv0IovVNtsyGMFl8Mc6liGUQu55Cp8IhLEiozWDnxHnyOP7so4HIOXlEHo/XbmdO1
X-Received: by 2002:a9d:7616:0:b0:6b9:c609:cac0 with SMTP id
 k22-20020a9d7616000000b006b9c609cac0mr2578749otl.3.1691776377002;
 Fri, 11 Aug 2023 10:52:57 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1691776376; cv=none;
 d=google.com; s=arc-20160816;
 b=Vf8yk6ll41/+EYeg9B6GrjJEOA/+sEzcaO56D798Fv7bhtF4T+Qq7CO9hNnOm7zpus
 cG4Zr0LWEsuzOY4q6GDXKRJBdapB5+mgmILf7fCZolnL1PNrRWpF8ujZ6+gKUJKiB42Y
 0NZAPjtoT3TTIRJOuG+XIVzTyuTjJ8EvgnaQb5jgglWEaDxrHJb0366t0lOREZp6wnoL
 66iTmPOmDZq5793UHXuScsOnlNhqOBU9v2Oj0jvpcoaxL38voYiJMl3Pp/BekVaXqtYb
 JHCJ0YS6NkWtfkp2/pkOiMpPpAkXCRpSjsLEdIfusCQrH3wXK1qf3hK0IvU0ZrcTZv5n
 y9gQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20160816;
 h=sender:errors-to:list-subscribe:list-help:list-post:list-archive
 :list-unsubscribe:list-id:precedence:content-transfer-encoding
 :mime-version:message-id:date:subject:cc:to:from:dkim-signature;
 bh=0JOKxNu5pIpmtJ54GHnKMrSSPvnvsbRrAJDm0W5c4co=;
 fh=Tm+9TlgWvNHIkBLjY8pHjVJK6UYviZu/pe5jTWp/wwY=;
 b=JbX5tBW67SsztDVzKtjoL7djrVLAQ+V4imWfz5JPZAk2ODZOP6tAPPDoXP78XLlzTA
 WGwI8wCuycmHPQjBmxznqnGMz4Tr/UVyD0VFWDw64EZWMzUZjhDoloRHqBV3KukewE4a
 sQDTPnUrsgTxiscTJ0DuFT3mfoi/DEt/XtEcoKtADiGvkTY0qNj70DluaKdKuQ7YxBXG
 bGrAHFEmZ1ER3pY76xZrjUhQ6CDw60KGhnj0nyRrLSzh1dob7MrEmDjeiyj863+erSqw
 Ly1smFZYAlbaGSgnzGAQZ9g2IV7uydMef7kRhytA/L7hxpeKUuevWWfz57l8ZAnJyv+Z
 Fvig==
ARC-Authentication-Results: i=1; mx.google.com;
 dkim=pass header.i=@linaro.org header.s=google header.b="iHoOQ/7A";
 spf=pass (google.com: domain of
 qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as
 permitted sender)
 smtp.mailfrom="qemu-devel-bounces+patch=linaro.org@nongnu.org";
 dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org
Return-Path: <qemu-devel-bounces+patch=linaro.org@nongnu.org>
Received: from lists.gnu.org (lists.gnu.org. [209.51.188.17])
 by mx.google.com with ESMTPS id
 x1-20020ae9e641000000b0076719299da1si2499585qkl.766.2023.08.11.10.52.56
 for <patch@linaro.org>
 (version=TLS1_2 cipher=ECDHE-ECDSA-CHACHA20-POLY1305 bits=256/256);
 Fri, 11 Aug 2023 10:52:56 -0700 (PDT)
Received-SPF: pass (google.com: domain of
 qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as
 permitted sender) client-ip=209.51.188.17;
Authentication-Results: mx.google.com;
 dkim=pass header.i=@linaro.org header.s=google header.b="iHoOQ/7A";
 spf=pass (google.com: domain of
 qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as
 permitted sender)
 smtp.mailfrom="qemu-devel-bounces+patch=linaro.org@nongnu.org";
 dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org
Received: from localhost ([::1] helo=lists1p.gnu.org)
 by lists.gnu.org with esmtp (Exim 4.90_1)
 (envelope-from <qemu-devel-bounces@nongnu.org>)
 id 1qUWJT-0000va-7Z; Fri, 11 Aug 2023 13:52:39 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <peter.maydell@linaro.org>)
 id 1qUWJR-0000uu-EH
 for qemu-devel@nongnu.org; Fri, 11 Aug 2023 13:52:37 -0400
Received: from mail-wm1-x32f.google.com ([2a00:1450:4864:20::32f])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
 (Exim 4.90_1) (envelope-from <peter.maydell@linaro.org>)
 id 1qUWJP-0005q9-S4
 for qemu-devel@nongnu.org; Fri, 11 Aug 2023 13:52:37 -0400
Received: by mail-wm1-x32f.google.com with SMTP id
 5b1f17b1804b1-3fe5c0e5747so13606695e9.0
 for <qemu-devel@nongnu.org>; Fri, 11 Aug 2023 10:52:31 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=linaro.org; s=google; t=1691776351; x=1692381151;
 h=content-transfer-encoding:mime-version:message-id:date:subject:cc
 :to:from:from:to:cc:subject:date:message-id:reply-to;
 bh=0JOKxNu5pIpmtJ54GHnKMrSSPvnvsbRrAJDm0W5c4co=;
 b=iHoOQ/7ArumKkihGK17hzcTNoJsXncpDqTdkJqxsqsEW5IPrru3hxuPMnBHkncWrIy
 yMKUXYhz/UsBeirKOxtXkRWCLg/UUrvRxUI7O5kCgczixF7d5Dx8HnW96tQ1HiVoxgBf
 ovHjLw5JeyEzvs3MTmqWZcQYFUacLdkqtaBbaQ52j4GKlr9k1hm6iEvuOlcfJT44C5wJ
 HgMaoTVCOSV+SzXkapWuzYhwMYlW09ZFk2jzviYJcDMlcPbGOOszqY5UwIlI0T/kGnXw
 68HRI93QJ2tXCyTgY1R53ns8zUP85BMCwG4SJXD7nxizIXinlDc1FGJcW4qV3dRjhXap
 HiOw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20221208; t=1691776351; x=1692381151;
 h=content-transfer-encoding:mime-version:message-id:date:subject:cc
 :to:from:x-gm-message-state:from:to:cc:subject:date:message-id
 :reply-to;
 bh=0JOKxNu5pIpmtJ54GHnKMrSSPvnvsbRrAJDm0W5c4co=;
 b=EpLGmMap2DjrZWrtRWwRNT+nYijQwQetdRlxOc4PM/ie5iNXSbPU/iaVeGhc7ikwCN
 WhKI+FRfFE0Jz29cp4fRbb6Q5BCO6fVMeh2T+E8h3sNmDQXw4qTVZO4iydEsFGWBSY8O
 JXNUdbdthhFllEJv9Jr/RO0iLvw5Z2L7re9ASIekZGrAWtyW+aMPn3IBcG+o+NH+GPGA
 os3qHClnNb8sFjJB5C6XM/0P7N4+peqpiepI0pmo7cxWxNYa22rA6YBrnDiQe7iVJokq
 shShBx/MQsH2C467PKXSRn8pqxqnYf3M9ZjBV9YhHHATDiFcBi7WjJQm7i7ujr+Dq8fI
 JNRw==
X-Gm-Message-State: AOJu0Yyn/xfAS6VgLnUkPqMfMnyqZV+5KI5TC5FmbMvb0VCskjVWqfH5
 r4T4zCsQz4lEk/Su9Y9/h0/bgPFb74h88qlDEVI=
X-Received: by 2002:a7b:c8c5:0:b0:3fe:23ec:2494 with SMTP id
 f5-20020a7bc8c5000000b003fe23ec2494mr2257712wml.7.1691776350756;
 Fri, 11 Aug 2023 10:52:30 -0700 (PDT)
Received: from orth.archaic.org.uk (orth.archaic.org.uk. [2001:8b0:1d0::2])
 by smtp.gmail.com with ESMTPSA id
 s11-20020a5d510b000000b0031417fd473csm6073421wrt.78.2023.08.11.10.52.30
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Fri, 11 Aug 2023 10:52:30 -0700 (PDT)
From: Peter Maydell <peter.maydell@linaro.org>
To: qemu-devel@nongnu.org
Cc: =?utf-8?q?Philippe_Mathieu-Daud=C3=A9?= <philmd@linaro.org>,
 Kevin Wolf <kwolf@redhat.com>, Hanna Reitz <hreitz@redhat.com>,
 qemu-block@nongnu.org
Subject: [PATCH] block/vpc: Avoid dynamic stack allocation
Date: Fri, 11 Aug 2023 18:52:29 +0100
Message-Id: <20230811175229.808139-1-peter.maydell@linaro.org>
X-Mailer: git-send-email 2.34.1
MIME-Version: 1.0
Received-SPF: pass client-ip=2a00:1450:4864:20::32f;
 envelope-from=peter.maydell@linaro.org; helo=mail-wm1-x32f.google.com
X-Spam_score_int: -20
X-Spam_score: -2.1
X-Spam_bar: --
X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
 DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1,
 RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001,
 SPF_PASS=-0.001 autolearn=unavailable autolearn_force=no
X-Spam_action: no action
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <https://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Errors-To: qemu-devel-bounces+patch=linaro.org@nongnu.org
Sender: qemu-devel-bounces+patch=linaro.org@nongnu.org

From: Philippe Mathieu-Daudé <philmd@redhat.com>

Use autofree heap allocation instead of variable-length array on the
stack. Here we don't expect the bitmap size to be enormous, and
since we're about to read/write it to disk the overhead of the
allocation should be fine.

The codebase has very few VLAs, and if we can get rid of them all we
can make the compiler error on new additions.  This is a defensive
measure against security bugs where an on-stack dynamic allocation
isn't correctly size-checked (e.g.  CVE-2021-3527).

Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
[PMM: expanded commit message]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Francisco Iglesias <frasse.iglesias@gmail.com>
---
 block/vpc.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/block/vpc.c b/block/vpc.c
index 3810a601a38..ceb87dd3d8e 100644
--- a/block/vpc.c
+++ b/block/vpc.c
@@ -510,7 +510,7 @@ get_image_offset(BlockDriverState *bs, uint64_t offset, bool write, int *err)
        miss sparse read optimization, but it's not a problem in terms of
        correctness. */
     if (write && (s->last_bitmap_offset != bitmap_offset)) {
-        uint8_t bitmap[s->bitmap_size];
+        g_autofree uint8_t *bitmap = g_malloc(s->bitmap_size);
         int r;
 
         s->last_bitmap_offset = bitmap_offset;
@@ -558,7 +558,7 @@ alloc_block(BlockDriverState *bs, int64_t offset)
     int64_t bat_offset;
     uint32_t index, bat_value;
     int ret;
-    uint8_t bitmap[s->bitmap_size];
+    g_autofree uint8_t *bitmap = g_malloc(s->bitmap_size);
 
     /* Check if sector_num is valid */
     if ((offset < 0) || (offset > bs->total_sectors * BDRV_SECTOR_SIZE)) {