From patchwork Fri Aug 18 15:58:45 2023
X-Patchwork-Submitter: Peter Maydell
X-Patchwork-Id: 714639
From: Peter Maydell
To: qemu-devel@nongnu.org
Cc: Gerd Hoffmann, Christian Schoenebeck
Subject: [PATCH 1/2] audio/jackaudio: Avoid dynamic stack allocation in qjack_client_init
Date: Fri, 18 Aug 2023 16:58:45 +0100
Message-Id: <20230818155846.1651287-2-peter.maydell@linaro.org>
In-Reply-To: <20230818155846.1651287-1-peter.maydell@linaro.org>
References: <20230818155846.1651287-1-peter.maydell@linaro.org>

Avoid a dynamic stack allocation in qjack_client_init(), by using
a g_autofree heap allocation instead. (We stick with allocate +
snprintf() because the JACK API requires the name to be no more
than its maximum size, so g_strdup_printf() would require an extra
truncation step.)

The codebase has very few VLAs, and if we can get rid of them all we
can make the compiler error on new additions. This is a defensive
measure against security bugs where an on-stack dynamic allocation
isn't correctly size-checked (e.g. CVE-2021-3527).

Signed-off-by: Peter Maydell
Reviewed-by: Francisco Iglesias
Reviewed-by: Christian Schoenebeck
---
 audio/jackaudio.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/audio/jackaudio.c b/audio/jackaudio.c index 5bdf3d7a78d..7cb2a49f971 100644 --- a/audio/jackaudio.c
+++ b/audio/jackaudio.c @@ -400,7 +400,8 @@ static void qjack_client_connect_ports(QJackClient *c) static int qjack_client_init(QJackClient *c) { jack_status_t status; - char client_name[jack_client_name_size()]; + int client_name_len = jack_client_name_size(); /* includes NUL */ + g_autofree char *client_name = g_new(char, client_name_len); jack_options_t options = JackNullOption; if (c->state == QJACK_STATE_RUNNING) { @@ -409,7 +410,7 @@ static int qjack_client_init(QJackClient *c) c->connect_ports = true; - snprintf(client_name, sizeof(client_name), "%s-%s", + snprintf(client_name, client_name_len, "%s-%s", c->out ? "out" : "in", c->opt->client_name ? c->opt->client_name : audio_application_name());
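
Review bot: In the first hunk (@@ -400,7 +400,8), client_name_len is declared as int and is then used unchecked as the element count for g_new() and, in the second hunk, as the size argument of snprintf(). A zero or negative return from jack_client_name_size() would be passed straight through as an allocation count and buffer size. Consider asserting client_name_len > 0 immediately after the call, or holding the checked value in a size_t, so that both uses are known to receive a valid size.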
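
Review bot: At the snprintf() call in the second hunk (@@ -409,7 +410,7), nothing in the code records that truncating the name to client_name_len is intended; that reasoning appears only in the commit message. A short comment above the call, saying that the name must fit JACK's maximum client name size and that snprintf() is used instead of g_strdup_printf() for that reason, would keep a later cleanup from replacing it with an unbounded string. The change from sizeof(client_name) to client_name_len is itself required, since client_name is now a pointer and sizeof would give the pointer size.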