hw/ppc/spapr_pci: Replace g_memdup() by g_memdup2() - qemu

diff options

author	Philippe Mathieu-Daudé <philmd@redhat.com>	2021-09-03 12:05:50 +0200
committer	Philippe Mathieu-Daudé <philmd@linaro.org>	2024-05-08 19:43:01 +0200
commit	09d98a241caf12e0de5ab738cfa5c911af97fbd6 (patch)
tree	e5c33a29c40015d7570b7094106300b33a81ef7c /scripts/coverage/compare_gcov_json.py
parent	hw/hppa/machine: Replace g_memdup() by g_memdup2() (diff)
download	qemu-09d98a241caf12e0de5ab738cfa5c911af97fbd6.tar.xz qemu-09d98a241caf12e0de5ab738cfa5c911af97fbd6.zip

hw/ppc/spapr_pci: Replace g_memdup() by g_memdup2()

Per https://discourse.gnome.org/t/port-your-module-from-g-memdup-to-g-memdup2-now/5538 The old API took the size of the memory to duplicate as a guint, whereas most memory functions take memory sizes as a gsize. This made it easy to accidentally pass a gsize to g_memdup(). For large values, that would lead to a silent truncation of the size from 64 to 32 bits, and result in a heap area being returned which is significantly smaller than what the caller expects. This can likely be exploited in various modules to cause a heap buffer overflow. Replace g_memdup() by the safer g_memdup2() wrapper. Trivially safe because the argument was directly from sizeof. Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com> Acked-by: David Gibson <david@gibson.dropber.id.au> Message-Id: <20210903174510.751630-17-philmd@redhat.com> Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>

Diffstat (limited to '')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: