QEMU has historically used variable length arrays only very rarely. Variable length arrays are a potential security issue where an on-stack dynamic allocation isn't correctly size-checked, especially when the size comes from the guest. (An example problem of this kind from the past is CVE-2021-3527). Forbidding them entirely is a defensive measure against further bugs of this kind.
Enable -Wvla to prevent any new uses from sneaking into the codebase. Signed-off-by: Peter Maydell <peter.mayd...@linaro.org> --- meson.build | 1 + 1 file changed, 1 insertion(+) diff --git a/meson.build b/meson.build index d0329966f1b..385b8247073 100644 --- a/meson.build +++ b/meson.build @@ -601,6 +601,7 @@ warn_flags = [ '-Wno-psabi', '-Wno-gnu-variable-sized-type-not-at-end', '-Wshadow=local', + '-Wvla', ] if host_os != 'darwin' -- 2.34.1