Message ID | 20170715132841.9865-5-hpoussin@reactos.org (mailing list archive) |
---|---|
State | New, archived |
Headers | show |
Hi Hervé, On 07/15/2017 10:28 AM, Hervé Poussineau wrote: > This prevents some host to guest memory content leaks. > > Fixes: https://bugs.launchpad.net/qemu/+bug/1599539 > > Signed-off-by: Hervé Poussineau <hpoussin@reactos.org> > --- > block/vvfat.c | 1 + > 1 file changed, 1 insertion(+) > > diff --git a/block/vvfat.c b/block/vvfat.c > index afc6170a69..7340decef3 100644 > --- a/block/vvfat.c > +++ b/block/vvfat.c > @@ -115,6 +115,7 @@ static inline int array_ensure_allocated(array_t* array, int index) > array->pointer = g_realloc(array->pointer, new_size); > if (!array->pointer) > return -1; isn't it safer: if (likely(new_size > array->size)) { > + memset(array->pointer + array->size, 0, new_size - array->size); } ? > array->size = new_size; > array->next = index + 1; > } > Regards, Phil.
Le 16/07/2017 à 00:24, Philippe Mathieu-Daudé a écrit : > Hi Hervé, > > On 07/15/2017 10:28 AM, Hervé Poussineau wrote: >> This prevents some host to guest memory content leaks. >> >> Fixes: https://bugs.launchpad.net/qemu/+bug/1599539 >> >> Signed-off-by: Hervé Poussineau <hpoussin@reactos.org> >> --- >> block/vvfat.c | 1 + >> 1 file changed, 1 insertion(+) >> >> diff --git a/block/vvfat.c b/block/vvfat.c >> index afc6170a69..7340decef3 100644 >> --- a/block/vvfat.c >> +++ b/block/vvfat.c >> @@ -115,6 +115,7 @@ static inline int array_ensure_allocated(array_t* array, int index) >> array->pointer = g_realloc(array->pointer, new_size); >> if (!array->pointer) >> return -1; > > isn't it safer: > > if (likely(new_size > array->size)) { Not really, because the code is: if((index + 1) * array->item_size > array->size) { int new_size = (index + 32) * array->item_size; array->pointer = g_realloc(array->pointer, new_size); if (!array->pointer) return -1; array->size = new_size; array->next = index + 1; } array->size is the size (in bytes) of the previous array. new_size is (index + 32) * item_size And, due to the "if", we know that (index + 1) * item_size > array->size. So, new_size > array->size. > >> + memset(array->pointer + array->size, 0, new_size - array->size); > > } > > ? > >> array->size = new_size; >> array->next = index + 1; >> } >> > > Regards, > > Phil. >
diff --git a/block/vvfat.c b/block/vvfat.c index afc6170a69..7340decef3 100644 --- a/block/vvfat.c +++ b/block/vvfat.c @@ -115,6 +115,7 @@ static inline int array_ensure_allocated(array_t* array, int index) array->pointer = g_realloc(array->pointer, new_size); if (!array->pointer) return -1; + memset(array->pointer + array->size, 0, new_size - array->size); array->size = new_size; array->next = index + 1; }
This prevents some host to guest memory content leaks. Fixes: https://bugs.launchpad.net/qemu/+bug/1599539 Signed-off-by: Hervé Poussineau <hpoussin@reactos.org> --- block/vvfat.c | 1 + 1 file changed, 1 insertion(+)