On 03/06/2017 01:17 AM, P J P wrote: > From: Prasad J Pandit <p...@fedoraproject.org> > > Arguments passed to execve(2) call from user program could > be large, allocating stack memory for them via alloca(3) call > would lead to bad behaviour. Use 'g_malloc0' to allocate memory > for such arguments. > > Signed-off-by: Prasad J Pandit <p...@fedoraproject.org> > --- > linux-user/syscall.c | 7 +++++-- > 1 file changed, 5 insertions(+), 2 deletions(-)
Is this patch alone (without 1/2) sufficient to solve the problem? If so, then drop 1/2. > > Update per: replace alloca() with g_malloc0() > -> https://lists.gnu.org/archive/html/qemu-devel/2017-03/msg00750.html > > diff --git a/linux-user/syscall.c b/linux-user/syscall.c > index 86a4a9c..404fb0b 100644 > --- a/linux-user/syscall.c > +++ b/linux-user/syscall.c > @@ -7800,8 +7800,8 @@ abi_long do_syscall(void *cpu_env, int num, abi_long > arg1, What version of qemu are you patching? Line 7800 of current master is nowhere near 'case TARGET_NR_execve:' (line 7899) > ret = -TARGET_E2BIG; > break; > } and current master has 'goto efault' rather than directly setting ret at this point. > - argp = alloca((argc + 1) * sizeof(void *)); > - envp = alloca((envc + 1) * sizeof(void *)); > + argp = g_malloc0((argc + 1) * sizeof(void *)); > + envp = g_malloc0((envc + 1) * sizeof(void *)); Subject to a potential multiplication overflow. I'd prefer: g_new0(void *, argc + 1); as that is guaranteed to not overflow. > > for (gp = guest_argp, q = argp; gp; > gp += sizeof(abi_ulong), q++) { > @@ -7862,6 +7862,9 @@ abi_long do_syscall(void *cpu_env, int num, abi_long > arg1, > break; > unlock_user(*q, addr, 0); > } > + > + g_free(argp); > + g_free(envp); > } > break; > case TARGET_NR_chdir: > -- Eric Blake eblake redhat com +1-919-301-3266 Libvirt virtualization library http://libvirt.org
signature.asc
Description: OpenPGP digital signature
