Searched hist:f8324611 (Results 1 – 1 of 1) sorted by relevance
/openbmc/qemu/hw/usb/ |
H A D | hcd-xhci.c | f8324611 Thu Aug 24 11:48:18 CDT 2023 Peter Maydell <peter.maydell@linaro.org> hw/usb/hcd-xhci: Avoid variable-length array in xhci_get_port_bandwidth()
In xhci_get_port_bandwidth(), we use a variable-length array to construct the buffer to send back to the guest. Avoid the VLA by using dma_memory_set() to directly request the memory system to fill the guest memory with a string of '80's.
The codebase has very few VLAs, and if we can get rid of them all we can make the compiler error on new additions. This is a defensive measure against security bugs where an on-stack dynamic allocation isn't correctly size-checked (e.g. CVE-2021-3527).
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Message-ID: <20230824164818.2652452-1-peter.maydell@linaro.org>
|