On 02/04/2013 02:07 PM, Peter Maydell wrote:
> On 4 February 2013 18:38, Eric Blake <ebl...@redhat.com> wrote:
>> On 02/02/2013 04:04 PM, dill...@dillona.com wrote:
>>> -
>>> - grouplist = alloca(gidsetsize * sizeof(gid_t));
>>> - target_grouplist = lock_user(VERIFY_READ, arg2, gidsetsize *
>>> 2, 1);
>>> - if (!target_grouplist) {
>>> - ret = -TARGET_EFAULT;
>>> - goto fail;
>>> + if (gidsetsize) {
>>> + grouplist = alloca(gidsetsize * sizeof(gid_t));
>>
>> Is this alloca() safe, or are you risking stack overflow if the user
>> passes an extremely large arg1?
>
> No, the linux-user has a number of long-standing not-terribly-safe
> alloca calls like this. If anybody wants to go through and fix them
> patches are welcome, but I don't think it's fair to require them
> to be fixed in order to get fairly simple patches like this in,
> where the patch is merely reindenting existing dubious code, not
> adding to the problem.
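Review bot: the new `if (gidsetsize)` branch keeps `grouplist = alloca(gidsetsize * sizeof(gid_t));` with no upper bound on `gidsetsize`, which arrives from the guest as arg1, so a large count can still exhaust the stack, and on a 32-bit host the `gidsetsize * sizeof(gid_t)` product can wrap before alloca() ever sees it. This is the pre-existing problem Peter points out, but since the line is being rewritten anyway, rejecting counts above NGROUPS_MAX with -TARGET_EINVAL (what the kernel's setgroups() does) before the allocation, or moving the buffer to g_try_malloc()/g_free(), would close it in the same hunk. A smaller point: the lock_user() length is written as the literal `gidsetsize * 2` while the host buffer is sized with `sizeof(gid_t)`; spelling the 2 as a sizeof of the target gid type would make the two lengths visibly consistent. The quoted hunk ends at the second alloca(), so whatever replaced the removed `ret = -TARGET_EFAULT; goto fail;` path on lock_user() failure cannot be checked from what is shown here.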
Point taken - the abuse of alloca() is pre-existing, so it shouldn't block this particular patch.

--
Eric Blake   eblake redhat com   +1-919-301-3266
Libvirt virtualization library http://libvirt.org
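The failure mode Eric raises (an alloca() whose size is a guest-controlled gidsetsize) in bounded form, as an added example that is neither QEMU's code nor part of this thread. It assumes a 16-bit target gid (matching the `gidsetsize * 2` length in the hunk), a little-endian guest, a TARGET_NGROUPS_MAX cap mirroring the kernel's NGROUPS_MAX, and a minimal `guest_mem` model of lock_user(); the function names and error constants are stand-ins chosen for the example.

```c
/*
 * Added example (not QEMU code): bound the count before any
 * allocation, then use the heap, instead of alloca(gidsetsize * ...).
 * guest_mem, lock_user_read, TARGET_NGROUPS_MAX and the error values
 * are stand-ins assumed for this example.
 */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define TARGET_ENOMEM 12
#define TARGET_EFAULT 14
#define TARGET_EINVAL 22
/* Assumed cap: Linux setgroups() rejects counts above NGROUPS_MAX (65536). */
#define TARGET_NGROUPS_MAX 65536u

typedef uint16_t target_gid_t;   /* 16-bit guest gid, as the "* 2" in the hunk implies */
typedef uint32_t host_gid_t;

/* Minimal model of guest address space: a byte array with a size. */
struct guest_mem { const uint8_t *base; size_t len; };

/* Stand-in for lock_user(VERIFY_READ, ...): NULL when [off, off+len) is unmapped. */
static const uint8_t *lock_user_read(const struct guest_mem *gm, size_t off, size_t len)
{
    if (off > gm->len || len > gm->len - off) {
        return NULL;
    }
    return gm->base + off;
}

struct grouplist { host_gid_t *gids; size_t n; };

/*
 * Emulate setgroups(gidsetsize, arg2). Returns the number of gids copied
 * (>= 0) or -TARGET_E* on failure; the caller frees out->gids.
 * Order matters: cap the count first, so neither the size multiplication
 * nor the allocation is driven by an attacker-chosen value, then map the
 * guest buffer, then allocate on the heap.
 */
long do_setgroups(const struct guest_mem *gm, uint32_t gidsetsize, size_t arg2,
                  struct grouplist *out)
{
    out->gids = NULL;
    out->n = 0;
    if (gidsetsize > TARGET_NGROUPS_MAX) {
        return -TARGET_EINVAL;            /* oversize count refused before any allocation */
    }
    if (gidsetsize == 0) {
        return 0;                          /* setgroups(0, ...) clears the list */
    }
    size_t target_len = (size_t)gidsetsize * sizeof(target_gid_t);  /* cannot wrap after the cap */
    const uint8_t *tg = lock_user_read(gm, arg2, target_len);
    if (!tg) {
        return -TARGET_EFAULT;
    }
    host_gid_t *gids = calloc(gidsetsize, sizeof *gids);   /* heap, never alloca */
    if (!gids) {
        return -TARGET_ENOMEM;
    }
    for (uint32_t i = 0; i < gidsetsize; i++) {
        /* Decode each 16-bit guest gid as little-endian (assumed guest byte order). */
        gids[i] = (host_gid_t)tg[2 * i] | ((host_gid_t)tg[2 * i + 1] << 8);
    }
    out->gids = gids;
    out->n = gidsetsize;
    return (long)gidsetsize;
}

/* Constructed sample guest memory: gids 100, 200 and 65534 as little-endian 16-bit values. */
static const uint8_t sample_guest[] = { 0x64, 0x00, 0xc8, 0x00, 0xfe, 0xff };
static const struct guest_mem sample_mem = { sample_guest, sizeof sample_guest };

/* Valid call: three gids at guest offset 0; copies them into gids[] on success. */
long example_valid(host_gid_t gids[3])
{
    struct grouplist gl;
    long ret = do_setgroups(&sample_mem, 3, 0, &gl);
    for (size_t i = 0; ret > 0 && i < 3; i++) {
        gids[i] = gl.gids[i];
    }
    free(gl.gids);
    return ret;
}

/* The "extremely large arg1" case: refused before lock_user or any allocation. */
long example_huge_count(void)
{
    struct grouplist gl;
    return do_setgroups(&sample_mem, 0x7fffffffu, 0, &gl);
}

/* Count within the cap, but the guest buffer is too short for it. */
long example_short_buffer(void)
{
    struct grouplist gl;
    return do_setgroups(&sample_mem, 4, 0, &gl);
}

int main(void)
{
    host_gid_t g[3];
    long n = example_valid(g);
    printf("valid: ret=%ld gids=%u,%u,%u\n", n, (unsigned)g[0], (unsigned)g[1], (unsigned)g[2]);
    printf("huge count: ret=%ld\n", example_huge_count());
    printf("short buffer: ret=%ld\n", example_short_buffer());
    return 0;
}
```

The cap is what makes the rest safe: once gidsetsize is known to be at most TARGET_NGROUPS_MAX, the length passed to lock_user() and the calloc() size are both small and overflow-free, and a guest that passes a huge count gets -TARGET_EINVAL instead of a crash in the emulator's stack.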