From a767838caf6c761d714a9466d008f8dddaf1a162 Mon Sep 17 00:00:00 2001

From: Fam Zheng <famz@redhat.com>

Date: Mon, 15 Feb 2016 09:28:22 +0100

Subject: [PATCH 09/18] block: vmdk - move string allocations from stack to the

 heap

RH-Author: Fam Zheng <famz@redhat.com>

Message-id: <1455528511-9357-10-git-send-email-famz@redhat.com>

Patchwork-id: 69175

O-Subject: [RHEL-7.3 qemu-kvm PATCH 09/18] block: vmdk - move string allocations from stack to the heap

Bugzilla: 1299250

RH-Acked-by: Kevin Wolf <kwolf@redhat.com>

RH-Acked-by: Max Reitz <mreitz@redhat.com>

RH-Acked-by: Markus Armbruster <armbru@redhat.com>

From: Jeff Cody <jcody@redhat.com>

BZ: https://bugzilla.redhat.com/show_bug.cgi?id=1299250

Functions 'vmdk_parse_extents' and 'vmdk_create' allocate several

PATH_MAX sized arrays on the stack.  Make these dynamically allocated.

Signed-off-by: Jeff Cody <jcody@redhat.com>

Signed-off-by: Kevin Wolf <kwolf@redhat.com>

(cherry picked from commit fe2065629a9c256f836770ca54449ae77b22d188)

Signed-off-by: Fam Zheng <famz@redhat.com>

Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>

---

 block/vmdk.c | 40 ++++++++++++++++++++++++----------------

 1 file changed, 24 insertions(+), 16 deletions(-)

diff --git a/block/vmdk.c b/block/vmdk.c

index 3351782..45ecf02 100644

--- a/block/vmdk.c

+++ b/block/vmdk.c

@@ -795,12 +795,11 @@ static int vmdk_parse_extents(const char *desc, BlockDriverState *bs,

     const char *p = desc;

     int64_t sectors = 0;

     int64_t flat_offset;

-    char extent_path[PATH_MAX];

+    char *extent_path;

     BlockDriverState *extent_file;

     BDRVVmdkState *s = bs->opaque;

     VmdkExtent *extent;

-

     while (*p) {

         /* parse extent line in one of below formats:

          *

@@ -838,10 +837,13 @@ static int vmdk_parse_extents(const char *desc, BlockDriverState *bs,

             goto next_line;

         }

+        extent_path = g_malloc0(PATH_MAX);

         path_combine(extent_path, sizeof(extent_path),

                 desc_file_path, fname);

+        extent_file = NULL;

         ret = bdrv_file_open(&extent_file, extent_path, NULL, bs->open_flags,

                              errp);

+        g_free(extent_path);

         if (ret) {

             return ret;

         }

@@ -1790,10 +1792,15 @@ static int vmdk_create(const char *filename, QEMUOptionParameter *options,

     int ret = 0;

     bool flat, split, compress;

     GString *ext_desc_lines;

-    char path[PATH_MAX], prefix[PATH_MAX], postfix[PATH_MAX];

+    char *path = g_malloc0(PATH_MAX);

+    char *prefix = g_malloc0(PATH_MAX);

+    char *postfix = g_malloc0(PATH_MAX);

+    char *desc_line = g_malloc0(BUF_SIZE);

+    char *ext_filename = g_malloc0(PATH_MAX);

+    char *desc_filename = g_malloc0(PATH_MAX);

     const int64_t split_size = 0x80000000;  /* VMDK has constant split size */

     const char *desc_extent_line;

-    char parent_desc_line[BUF_SIZE] = "";

+    char *parent_desc_line = g_malloc0(BUF_SIZE);

     uint32_t parent_cid = 0xffffffff;

     uint32_t number_heads = 16;

     bool zeroed_grain = false;

@@ -1902,33 +1909,27 @@ static int vmdk_create(const char *filename, QEMUOptionParameter *options,

         }

         parent_cid = vmdk_read_cid(bs, 0);

         bdrv_unref(bs);

-        snprintf(parent_desc_line, sizeof(parent_desc_line),

+        snprintf(parent_desc_line, BUF_SIZE,

                 "parentFileNameHint=\"%s\"", backing_file);

     }

     /* Create extents */

     filesize = total_size;

     while (filesize > 0) {

-        char desc_line[BUF_SIZE];

-        char ext_filename[PATH_MAX];

-        char desc_filename[PATH_MAX];

         int64_t size = filesize;

         if (split && size > split_size) {

             size = split_size;

         }

         if (split) {

-            snprintf(desc_filename, sizeof(desc_filename), "%s-%c%03d%s",

+            snprintf(desc_filename, PATH_MAX, "%s-%c%03d%s",

                     prefix, flat ? 'f' : 's', ++idx, postfix);

         } else if (flat) {

-            snprintf(desc_filename, sizeof(desc_filename), "%s-flat%s",

-                    prefix, postfix);

+            snprintf(desc_filename, PATH_MAX, "%s-flat%s", prefix, postfix);

         } else {

-            snprintf(desc_filename, sizeof(desc_filename), "%s%s",

-                    prefix, postfix);

+            snprintf(desc_filename, PATH_MAX, "%s%s", prefix, postfix);

         }

-        snprintf(ext_filename, sizeof(ext_filename), "%s%s",

-                path, desc_filename);

+        snprintf(ext_filename, PATH_MAX, "%s%s", path, desc_filename);

         if (vmdk_create_extent(ext_filename, size,

                                flat, compress, zeroed_grain, errp)) {

@@ -1938,7 +1939,7 @@ static int vmdk_create(const char *filename, QEMUOptionParameter *options,

         filesize -= size;

         /* Format description line */

-        snprintf(desc_line, sizeof(desc_line),

+        snprintf(desc_line, BUF_SIZE,

                     desc_extent_line, size / BDRV_SECTOR_SIZE, desc_filename);

         g_string_append(ext_desc_lines, desc_line);

     }

@@ -1988,6 +1989,13 @@ exit:

         bdrv_unref(new_bs);

     }

     g_free(desc);

+    g_free(path);

+    g_free(prefix);

+    g_free(postfix);

+    g_free(desc_line);

+    g_free(ext_filename);

+    g_free(desc_filename);

+    g_free(parent_desc_line);

     g_string_free(ext_desc_lines, true);

     return ret;

 }

-- 

1.8.3.1