hw/nvme: Avoid dynamic stack allocation
Instead of using a variable-length array in nvme_map_prp(), allocate on the stack with a g_autofree pointer.

The codebase has very few VLAs, and if we can get rid of them all we can make the compiler error on new additions. This is a defensive measure against security bugs where an on-stack dynamic allocation isn't correctly size-checked (e.g. CVE-2021-3527).

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Klaus Jensen <k.jensen@samsung.com>
parent b02c2a85a6
commit b3c8246750
@ -894,7 +894,7 @@ static uint16_t nvme_map_prp(NvmeCtrl *n, NvmeSg *sg, uint64_t prp1,
|
||||
len -= trans_len;
|
||||
if (len) {
|
||||
if (len > n->page_size) {
|
||||
uint64_t prp_list[n->max_prp_ents];
|
||||
g_autofree uint64_t *prp_list = g_new(uint64_t, n->max_prp_ents);
|
||||
uint32_t nents, prp_trans;
|
||||
int i = 0;
|
||||
|
||||
|
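Review bot: On the added `g_autofree uint64_t *prp_list = g_new(uint64_t, n->max_prp_ents);` line, prp_list changes from an array to a pointer, so any `sizeof(prp_list)` in the rest of this block (outside the visible context) would now evaluate to the pointer size instead of the list size; please confirm the later reads into prp_list are sized by element count, e.g. `prp_trans * sizeof(uint64_t)`. Separately, the commit message says "allocate on the stack with a g_autofree pointer", but g_new() allocates from the heap and g_autofree frees it when the variable goes out of scope, so the message should say "heap". The heap allocation also happens on every call that reaches the `len > n->page_size` branch; since the bound on n->max_prp_ents is not visible here, a short comment noting where that value is limited would help the next reader judge the allocation size.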