diff options
| author | Peter Maydell <peter.maydell@linaro.org> | 2023-08-18 16:58:45 +0100 |
|---|---|---|
| committer | Peter Maydell <peter.maydell@linaro.org> | 2023-09-21 16:07:14 +0100 |
| commit | d71c3d305980b38c6e6794da7401172ac0fec891 (patch) | |
| tree | d3e6b544bc9c40621f910a7fe0606e4e8e5fa918 /hw/misc/virt_ctrl.c | |
| parent | 706a92fbfa3932020d232890d1caf648b8e9eff6 (diff) | |
| download | qemu-d71c3d305980b38c6e6794da7401172ac0fec891.zip qemu-d71c3d305980b38c6e6794da7401172ac0fec891.tar.gz qemu-d71c3d305980b38c6e6794da7401172ac0fec891.tar.bz2 | |
audio/jackaudio: Avoid dynamic stack allocation in qjack_client_init
Avoid a dynamic stack allocation in qjack_client_init(), by using
a g_autofree heap allocation instead.
(We stick with allocate + snprintf() because the JACK API requires
the name to be no more than its maximum size, so g_strdup_printf()
would require an extra truncation step.)
The codebase has very few VLAs, and if we can get rid of them all we
can make the compiler error on new additions. This is a defensive
measure against security bugs where an on-stack dynamic allocation
isn't correctly size-checked (e.g. CVE-2021-3527).
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Francisco Iglesias <frasse.iglesias@gmail.com>
Reviewed-by: Christian Schoenebeck <qemu_oss@crudebyte.com>
Message-id: 20230818155846.1651287-2-peter.maydell@linaro.org
Diffstat (limited to 'hw/misc/virt_ctrl.c')
0 files changed, 0 insertions, 0 deletions