The QEMU codebase has very few C variable length arrays, and if we can get rid of them all we can make the compiler error on new additions. This is a defensive measure against security bugs where an on-stack dynamic allocation isn't correctly size-checked (e.g. CVE-2021-3527).
We last had a go at this a few years ago, when Philippe wrote patches for this:
https://patchew.org/QEMU/20210505211047.1496765-1-phi...@redhat.com/
Some of the fixes made it into the tree, but some didn't (either because of lack of review or because review found some changes that needed to be made). I'm going through the remainder as a non-urgent Friday afternoon task...

This patchset deals with two VLAs in the NVME code.

thanks
-- PMM

Peter Maydell (1):
  hw/nvme: Avoid dynamic stack allocation

Philippe Mathieu-Daudé (1):
  hw/nvme: Use #define to avoid variable length array

 hw/nvme/ctrl.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

-- 
2.34.1
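The defensive pattern the cover letter describes, as an added example written for this page rather than code from the QEMU patches or hw/nvme/ctrl.c: a stack buffer sized by a caller-supplied length beside the #define-bounded form with an explicit check. The function names, the sample input and the 512-byte limit are invented for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed sample input standing in for data arriving from a guest. */
static const uint8_t sample[4] = {1, 2, 3, 4};

/* Before: stack usage is controlled by 'len'. Nothing here bounds it,
 * so correctness depends on every caller having checked it first.
 * Building with -Werror=vla makes the compiler reject this function. */
uint32_t checksum_vla(const uint8_t *src, size_t len)
{
    uint8_t buf[len];           /* variable length array */
    uint32_t sum = 0;
    memcpy(buf, src, len);
    for (size_t i = 0; i < len; i++) {
        sum += buf[i];
    }
    return sum;
}

/* After: the buffer has a compile-time size and the length is checked
 * against it before anything is copied. Oversized input is refused. */
#define BUF_MAX_LEN 512         /* invented upper bound for this example */

int checksum_fixed(const uint8_t *src, size_t len, uint32_t *out)
{
    uint8_t buf[BUF_MAX_LEN];
    uint32_t sum = 0;
    if (len > BUF_MAX_LEN) {
        return -1;              /* reject instead of overrunning the stack */
    }
    memcpy(buf, src, len);
    for (size_t i = 0; i < len; i++) {
        sum += buf[i];
    }
    *out = sum;
    return 0;
}

/* Small drivers so the behaviour can be checked without extra globals. */
int fixed_accepts_small(void)   /* returns the checksum of 'sample', or -1 */
{
    uint32_t sum = 0;
    return checksum_fixed(sample, sizeof(sample), &sum) == 0 ? (int)sum : -1;
}

int fixed_rejects_large(void)   /* returns 1 when an oversized len is refused */
{
    uint32_t sum = 0;
    return checksum_fixed(sample, (size_t)BUF_MAX_LEN + 1, &sum) == -1;
}
```

Compiling the tree with -Werror=vla is what turns the first form into a build error, which is the enforcement the cover letter is working towards.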