[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [Qemu-devel] [PATCH] xen-disk: use g_malloc0 to fix build

To: Olaf Hering <olaf@xxxxxxxxx>
From: Eric Blake <eblake@xxxxxxxxxx>
Date: Fri, 28 Jul 2017 08:00:44 -0500
Cc: Kevin Wolf <kwolf@xxxxxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, "open list:Block layer core" <qemu-block@xxxxxxxxxx>, "open list:All patches CC here" <qemu-devel@xxxxxxxxxx>, Max Reitz <mreitz@xxxxxxxxxx>, Anthony Perard <anthony.perard@xxxxxxxxxx>, "open list:X86" <xen-devel@xxxxxxxxxxxxxxxxxxxx>
Delivery-date: Fri, 28 Jul 2017 13:01:04 +0000
Dmarc-filter: OpenDMARC Filter v1.3.2 mx1.redhat.com 84AE915F4E
List-id: Xen developer discussion <xen-devel.lists.xen.org>
Openpgp: url=http://people.redhat.com/eblake/eblake.gpg

On 07/28/2017 07:48 AM, Olaf Hering wrote:
> On Fri, Jul 28, Eric Blake wrote:
> 
>> This version is prone to multiplication overflow (well, maybe not, but
>> you have to audit for that).  Wouldn't it be better to use:
> 
> What could go wrong?
> qemu will die either way, I think.

Dying immediately due to provable multiplication overflow is MUCH better
than successfully allocating too-little and then having who-knows-what
go wrong down the road because you didn't check for overflow.  The
latter can sometimes be exploited into CVEs.  And maybe you can't
overflow, but having to do a non-local audit to prove that is more time
spent than just using the right interface from the get-go.

-- 
Eric Blake, Principal Software Engineer
Red Hat, Inc.           +1-919-301-3266
Virtualization:  qemu.org | libvirt.org

Attachment: signature.asc
Description: OpenPGP digital signature

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
https://lists.xen.org/xen-devel

References:
- [Xen-devel] [PATCH] xen-disk: use g_malloc0 to fix build
  - From: Olaf Hering
- Re: [Xen-devel] [Qemu-devel] [PATCH] xen-disk: use g_malloc0 to fix build
  - From: Eric Blake
- Re: [Xen-devel] [Qemu-devel] [PATCH] xen-disk: use g_malloc0 to fix build
  - From: Olaf Hering

Prev by Date: Re: [Xen-devel] [Qemu-devel] [PATCH] xen-disk: use g_malloc0 to fix build
Next by Date: [Xen-devel] [RFC v4]Proposal to allow setting up shared memory areas between VMs from xl config file
Previous by thread: Re: [Xen-devel] [Qemu-devel] [PATCH] xen-disk: use g_malloc0 to fix build
Next by thread: Re: [Xen-devel] [Qemu-devel] [PATCH] xen-disk: use g_malloc0 to fix build
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.