提交 60bfd5b5 编写于 作者: E Eric Blake

util: avoid PATH_MAX-sized array

See previous patch for why this is good...

* src/util/pci.c (struct _pciDevice, pciGetDevice, pciFreeDevice):
Manage path dynamically.  Report snprintf overflow.
* src/util/hostusb.c (struct _usbDevice, usbGetDevice)
(usbFreeDevice): Likewise.
上级 565c975f
/*
* Copyright (C) 2009-2010 Red Hat, Inc.
* Copyright (C) 2009-2011 Red Hat, Inc.
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
......@@ -48,7 +48,7 @@ struct _usbDevice {
char name[USB_ADDR_LEN]; /* domain:bus:slot.function */
char id[USB_ID_LEN]; /* product vendor */
char path[PATH_MAX];
char *path;
};
/* For virReportOOMError() and virReportSystemError() */
......@@ -171,13 +171,30 @@ usbGetDevice(unsigned bus,
dev->bus = bus;
dev->dev = devno;
snprintf(dev->name, sizeof(dev->name), "%.3o:%.3o",
dev->bus, dev->dev);
snprintf(dev->path, sizeof(dev->path),
USB_DEVFS "%03d/%03d", dev->bus, dev->dev);
if (snprintf(dev->name, sizeof(dev->name), "%.3o:%.3o",
dev->bus, dev->dev) >= sizeof(dev->name)) {
usbReportError(VIR_ERR_INTERNAL_ERROR,
_("dev->name buffer overflow: %.3o:%.3o"),
dev->bus, dev->dev);
usbFreeDevice(dev);
return NULL;
}
if (virAsprintf(&dev->path, USB_DEVFS "%03d/%03d",
dev->bus, dev->dev) < 0) {
virReportOOMError();
usbFreeDevice(dev);
return NULL;
}
/* XXX fixme. this should be product/vendor */
snprintf(dev->id, sizeof(dev->id), "%d %d", dev->bus, dev->dev);
if (snprintf(dev->id, sizeof(dev->id), "%d %d", dev->bus,
dev->dev) >= sizeof(dev->id)) {
usbReportError(VIR_ERR_INTERNAL_ERROR,
_("dev->id buffer overflow: %d %d"),
dev->bus, dev->dev);
usbFreeDevice(dev);
return NULL;
}
VIR_DEBUG("%s %s: initialized", dev->id, dev->name);
......@@ -203,6 +220,7 @@ void
usbFreeDevice(usbDevice *dev)
{
VIR_DEBUG("%s %s: freeing", dev->id, dev->name);
VIR_FREE(dev->path);
VIR_FREE(dev);
}
......
......@@ -56,7 +56,7 @@ struct _pciDevice {
char name[PCI_ADDR_LEN]; /* domain:bus:slot.function */
char id[PCI_ID_LEN]; /* product vendor */
char path[PATH_MAX];
char *path;
int fd;
unsigned initted;
......@@ -1307,10 +1307,21 @@ pciGetDevice(unsigned domain,
dev->slot = slot;
dev->function = function;
snprintf(dev->name, sizeof(dev->name), "%.4x:%.2x:%.2x.%.1x",
dev->domain, dev->bus, dev->slot, dev->function);
snprintf(dev->path, sizeof(dev->path),
PCI_SYSFS "devices/%s/config", dev->name);
if (snprintf(dev->name, sizeof(dev->name), "%.4x:%.2x:%.2x.%.1x",
dev->domain, dev->bus, dev->slot,
dev->function) >= sizeof(dev->name)) {
pciReportError(VIR_ERR_INTERNAL_ERROR,
_("dev->name buffer overflow: %.4x:%.2x:%.2x.%.1x"),
dev->domain, dev->bus, dev->slot, dev->function);
pciFreeDevice(dev);
return NULL;
}
if (virAsprintf(&dev->path, PCI_SYSFS "devices/%s/config",
dev->name) < 0) {
virReportOOMError();
pciFreeDevice(dev);
return NULL;
}
if (access(dev->path, F_OK) != 0) {
virReportSystemError(errno,
......@@ -1334,7 +1345,14 @@ pciGetDevice(unsigned domain,
}
/* strings contain '0x' prefix */
snprintf(dev->id, sizeof(dev->id), "%s %s", &vendor[2], &product[2]);
if (snprintf(dev->id, sizeof(dev->id), "%s %s", &vendor[2],
&product[2]) >= sizeof(dev->id)) {
pciReportError(VIR_ERR_INTERNAL_ERROR,
_("dev->id buffer overflow: %s %s"),
&vendor[2], &product[2]);
pciFreeDevice(dev);
return NULL;
}
VIR_FREE(product);
VIR_FREE(vendor);
......@@ -1351,6 +1369,7 @@ pciFreeDevice(pciDevice *dev)
return;
VIR_DEBUG("%s %s: freeing", dev->id, dev->name);
pciCloseConfig(dev);
VIR_FREE(dev->path);
VIR_FREE(dev);
}
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册