On 21/02/2024 17.26, Thomas Huth wrote:
From: Peter Maydell <peter.mayd...@linaro.org>
QEMU has historically used variable length arrays only very rarely.
Variable length arrays are a potential security issue where an
on-stack dynamic allocation isn't correctly size-checked, especially
when the size comes from the guest. (An example problem of this kind
from the past is CVE-2021-3527). Forbidding them entirely is a
defensive measure against further bugs of this kind.
Enable -Wvla to prevent any new uses from sneaking into the codebase.
Signed-off-by: Peter Maydell <peter.mayd...@linaro.org>
Message-ID: <20240125173211.1786196-3-peter.mayd...@linaro.org>
[thuth: rebased to current master branch]
Signed-off-by: Thomas Huth <th...@redhat.com>
---
meson.build | 1 +
1 file changed, 1 insertion(+)
diff --git a/meson.build b/meson.build
index c1dc83e4c0..0ef1654e86 100644
--- a/meson.build
+++ b/meson.build
@@ -592,6 +592,7 @@ warn_flags = [
'-Wstrict-prototypes',
'-Wtype-limits',
'-Wundef',
+ '-Wvla',
'-Wwrite-strings',
# Then disable some undesirable warnings
Sigh, there's a new warning in the latest master branch:
https://gitlab.com/thuth/qemu/-/jobs/6225992174
Caused by commit d65aba828 ("hw/sparc/leon3: implement multiprocessor")...
Clément, Philippe, could this maybe be written in a different way that does
not trigger a -Wvla warning?
Thomas
