From: Philippe Mathieu-Daudé <philmd@redhat.com>
Date: Thu, 24 Aug 2023 16:47:06 +0000 (+0100)
Subject: util/iov: Avoid dynamic stack allocation
X-Git-Url: http://git.maquefel.me/?a=commitdiff_plain;h=522a9b94e0f8a1f89f1660a46121ab0d0eae3593;p=qemu.git

util/iov: Avoid dynamic stack allocation

Use autofree heap allocation instead of variable-length array on the
stack.

The codebase has very few VLAs, and if we can get rid of them all we
can make the compiler error on new additions.  This is a defensive
measure against security bugs where an on-stack dynamic allocation
isn't correctly size-checked (e.g.  CVE-2021-3527).

Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-ID: <20230824164706.2652277-1-peter.maydell@linaro.org>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Eric Blake <eblake@redhat.com>
---

diff --git a/util/iov.c b/util/iov.c
index 866fb577f3..7e73948f5e 100644
--- a/util/iov.c
+++ b/util/iov.c
@@ -571,7 +571,7 @@ static int sortelem_cmp_src_index(const void *a, const void *b)
  */
 void qemu_iovec_clone(QEMUIOVector *dest, const QEMUIOVector *src, void *buf)
 {
-    IOVectorSortElem sortelems[src->niov];
+    g_autofree IOVectorSortElem *sortelems = g_new(IOVectorSortElem, src->niov);
     void *last_end;
     int i;