On Aug 11 18:47, Peter Maydell wrote: > The QEMU codebase has very few C variable length arrays, and if we can > get rid of them all we can make the compiler error on new additions. > This is a defensive measure against security bugs where an on-stack > dynamic allocation isn't correctly size-checked (e.g. CVE-2021-3527). > > We last had a go at this a few years ago, when Philippe wrote > patches for this: > https://patchew.org/QEMU/20210505211047.1496765-1-phi...@redhat.com/ > Some of the fixes made it into the tree, but some didn't (either > because of lack of review or because review found some changes > that needed to be made). I'm going through the remainder as a > non-urgent Friday afternoon task... > > This patchset deals with two VLAs in the NVME code. > > thanks > -- PMM > > Peter Maydell (1): > hw/nvme: Avoid dynamic stack allocation > > Philippe Mathieu-Daudé (1): > hw/nvme: Use #define to avoid variable length array > > hw/nvme/ctrl.c | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > > -- > 2.34.1 >
Thanks Peter, Applied to nvme-next!
signature.asc
Description: PGP signature