Re: [PATCH 0/2] nvme: avoid dynamic stack allocations

2023-09-12 Thread Klaus Jensen
On Sep 12 15:15, Peter Maydell wrote:
> On Mon, 14 Aug 2023 at 08:09, Klaus Jensen wrote:
> >
> > On Aug 11 18:47, Peter Maydell wrote:
> > > The QEMU codebase has very few C variable length arrays, and if we can
> > > get rid of them all we can make the compiler error on new additions.
> > > This

Re: [PATCH 0/2] nvme: avoid dynamic stack allocations

2023-09-12 Thread Peter Maydell
On Mon, 14 Aug 2023 at 08:09, Klaus Jensen wrote:
>
> On Aug 11 18:47, Peter Maydell wrote:
> > The QEMU codebase has very few C variable length arrays, and if we can
> > get rid of them all we can make the compiler error on new additions.
> > This is a defensive measure against security bugs wher

Re: [PATCH 0/2] nvme: avoid dynamic stack allocations

2023-08-16 Thread Philippe Mathieu-Daudé
On 11/8/23 19:47, Peter Maydell wrote: The QEMU codebase has very few C variable length arrays, and if we can get rid of them all we can make the compiler error on new additions. This is a defensive measure against security bugs where an on-stack dynamic allocation isn't correctly size-checked (e

Re: [PATCH 0/2] nvme: avoid dynamic stack allocations

2023-08-14 Thread Klaus Jensen
On Aug 11 18:47, Peter Maydell wrote:
> The QEMU codebase has very few C variable length arrays, and if we can
> get rid of them all we can make the compiler error on new additions.
> This is a defensive measure against security bugs where an on-stack
> dynamic allocation isn't correctly size-check

[PATCH 0/2] nvme: avoid dynamic stack allocations

2023-08-11 Thread Peter Maydell
The QEMU codebase has very few C variable length arrays, and if we can get rid of them all we can make the compiler error on new additions. This is a defensive measure against security bugs where an on-stack dynamic allocation isn't correctly size-checked (e.g. CVE-2021-3527). We last had a go at