On 8 March 2016 at 14:00, Peter Xu <pet...@redhat.com> wrote:
> Suggested-by: Paolo Bonzini <pbonz...@redhat.com>
> CC: Gerd Hoffmann <kra...@redhat.com>
> Signed-off-by: Peter Xu <pet...@redhat.com>
> ---
> hw/usb/dev-mtp.c | 7 ++++---
> 1 file changed, 4 insertions(+), 3 deletions(-)
>
> diff --git a/hw/usb/dev-mtp.c b/hw/usb/dev-mtp.c
> index 7391783..e6dae2f 100644
> --- a/hw/usb/dev-mtp.c
> +++ b/hw/usb/dev-mtp.c
> @@ -432,13 +432,13 @@ static void inotify_watchfn(void *arg)
> {
> MTPState *s = arg;
> ssize_t bytes;
> +#define __BUF_LEN (sizeof(struct inotify_event) + NAME_MAX + 1)
> /* From the man page: atleast one event can be read */
> - int len = sizeof(struct inotify_event) + NAME_MAX + 1;
> int pos;
> - char buf[len];
> + char buf[__BUF_LEN];
The commit message subject says this is fixing an unbounded
stack usage, but (a) this array wasn't unbounded in size
(b) the change doesn't change the size we allocate.
What are you trying to do here?
thanks
-- PMM
