target/ppc: Replace g_memdup() by g_memdup2() - qemu

diff options

author	Philippe Mathieu-Daudé <philmd@redhat.com>	2021-09-03 12:05:51 +0200
committer	Philippe Mathieu-Daudé <philmd@linaro.org>	2024-05-08 19:11:34 +0200
commit	40fed8c1d3a2bcef81c8de3f55d7e1abe1397347 (patch)
tree	43236fae218e187984bdccd3814d24c3d5a61763 /scripts/coverage/compare_gcov_json.py
parent	block/qcow2-bitmap: Replace g_memdup() by g_memdup2() (diff)
download	qemu-40fed8c1d3a2bcef81c8de3f55d7e1abe1397347.tar.xz qemu-40fed8c1d3a2bcef81c8de3f55d7e1abe1397347.zip

target/ppc: Replace g_memdup() by g_memdup2()

Per https://discourse.gnome.org/t/port-your-module-from-g-memdup-to-g-memdup2-now/5538 The old API took the size of the memory to duplicate as a guint, whereas most memory functions take memory sizes as a gsize. This made it easy to accidentally pass a gsize to g_memdup(). For large values, that would lead to a silent truncation of the size from 64 to 32 bits, and result in a heap area being returned which is significantly smaller than what the caller expects. This can likely be exploited in various modules to cause a heap buffer overflow. Replace g_memdup() by the safer g_memdup2() wrapper. Trivially safe because the argument was directly from sizeof. Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com> Acked-by: David Gibson <david@gibson.dropbear.id.au> Message-Id: <20210903174510.751630-27-philmd@redhat.com> Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>

Diffstat (limited to '')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: