Hello
> > -/* Tests only initialization so far. TODO: Replace with functional
> > tests */ -static void pci_nop(void)
> > +#define TEST_IMAGE_SIZE (64 * 1024 * 1024)
> > +
> > +static char tmp_path[] = "/tmp/qtest.XXXXXX";
> > +extern QVirtioBus qvirtio_pci;
> > +
> > +static void pci_basic(void)
> > {
> > + QVirtioDevice *dev;
> > + dev = qvirtio_pci.device_find(VIRTIO_BLK_DEVICE_ID);
> > + fprintf(stderr, "Device: %x %x %x\n",
> > + dev->device_id, dev->location,
> > dev->device_type); }
> >
> > int main(int argc, char **argv)
> > {
> > int ret;
> > + int fd;
> > + char test_start[100];
>
> Depending on length of tmp_path, this looks quite close to an
> overflow ...
>
> >
> > g_test_init(&argc, &argv, NULL);
> > - qtest_add_func("/virtio/blk/pci/nop", pci_nop);
> > + qtest_add_func("/virtio/blk/pci/basic", pci_basic);
> >
> > - qtest_start("-drive id=drv0,if=none,file=/dev/null "
> > - "-device virtio-blk-pci,drive=drv0");
> > + /* Create a temporary raw image */
> > + fd = mkstemp(tmp_path);
> > + g_assert_cmpint(fd, >=, 0);
> > + ret = ftruncate(fd, TEST_IMAGE_SIZE);
> > + g_assert_cmpint(ret, ==, 0);
> > + close(fd);
> > +
> > + sprintf(test_start, "-drive if=none,id=drive0,file=%s "
> > + "-device virtio-blk-pci,drive=drive0",
> > tmp_path);
>
> ... here. Also please use snprintf.
>
tmp_path is defined as global, and has always the same size
(/tmp/qtest.XXXXXX, where the X will be replaced by a temporary name).
But I'll change to snprintf for security.
