提交 60bfd5b5 编写于 作者: E Eric Blake

util: avoid PATH_MAX-sized array

See previous patch for why this is good...

* src/util/pci.c (struct _pciDevice, pciGetDevice, pciFreeDevice):
Manage path dynamically.  Report snprintf overflow.
* src/util/hostusb.c (struct _usbDevice, usbGetDevice)
(usbFreeDevice): Likewise.
上级 565c975f
/* /*
* Copyright (C) 2009-2010 Red Hat, Inc. * Copyright (C) 2009-2011 Red Hat, Inc.
* *
* This library is free software; you can redistribute it and/or * This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public * modify it under the terms of the GNU Lesser General Public
...@@ -48,7 +48,7 @@ struct _usbDevice { ...@@ -48,7 +48,7 @@ struct _usbDevice {
char name[USB_ADDR_LEN]; /* domain:bus:slot.function */ char name[USB_ADDR_LEN]; /* domain:bus:slot.function */
char id[USB_ID_LEN]; /* product vendor */ char id[USB_ID_LEN]; /* product vendor */
char path[PATH_MAX]; char *path;
}; };
/* For virReportOOMError() and virReportSystemError() */ /* For virReportOOMError() and virReportSystemError() */
...@@ -171,13 +171,30 @@ usbGetDevice(unsigned bus, ...@@ -171,13 +171,30 @@ usbGetDevice(unsigned bus,
dev->bus = bus; dev->bus = bus;
dev->dev = devno; dev->dev = devno;
snprintf(dev->name, sizeof(dev->name), "%.3o:%.3o", if (snprintf(dev->name, sizeof(dev->name), "%.3o:%.3o",
dev->bus, dev->dev); dev->bus, dev->dev) >= sizeof(dev->name)) {
snprintf(dev->path, sizeof(dev->path), usbReportError(VIR_ERR_INTERNAL_ERROR,
USB_DEVFS "%03d/%03d", dev->bus, dev->dev); _("dev->name buffer overflow: %.3o:%.3o"),
dev->bus, dev->dev);
usbFreeDevice(dev);
return NULL;
}
if (virAsprintf(&dev->path, USB_DEVFS "%03d/%03d",
dev->bus, dev->dev) < 0) {
virReportOOMError();
usbFreeDevice(dev);
return NULL;
}
/* XXX fixme. this should be product/vendor */ /* XXX fixme. this should be product/vendor */
snprintf(dev->id, sizeof(dev->id), "%d %d", dev->bus, dev->dev); if (snprintf(dev->id, sizeof(dev->id), "%d %d", dev->bus,
dev->dev) >= sizeof(dev->id)) {
usbReportError(VIR_ERR_INTERNAL_ERROR,
_("dev->id buffer overflow: %d %d"),
dev->bus, dev->dev);
usbFreeDevice(dev);
return NULL;
}
VIR_DEBUG("%s %s: initialized", dev->id, dev->name); VIR_DEBUG("%s %s: initialized", dev->id, dev->name);
...@@ -203,6 +220,7 @@ void ...@@ -203,6 +220,7 @@ void
usbFreeDevice(usbDevice *dev) usbFreeDevice(usbDevice *dev)
{ {
VIR_DEBUG("%s %s: freeing", dev->id, dev->name); VIR_DEBUG("%s %s: freeing", dev->id, dev->name);
VIR_FREE(dev->path);
VIR_FREE(dev); VIR_FREE(dev);
} }
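Review bot: The new truncation checks in usbGetDevice compare snprintf's `int` result directly against `sizeof(dev->name)`, so a negative (error) return is rejected only because the implicit conversion to `size_t` turns it into a very large value. That works today, but it is easy to break in a later edit and can trip `-Wsign-compare`. Making the intent explicit would help, e.g. `int rc = snprintf(...);` followed by `if (rc < 0 || (size_t)rc >= sizeof(dev->name)) {`. The same pattern is used for `dev->id` in this function and for both `dev->name` and `dev->id` in pciGetDevice. The body of usbGetDevice starts and ends outside the hunk.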
......
...@@ -56,7 +56,7 @@ struct _pciDevice { ...@@ -56,7 +56,7 @@ struct _pciDevice {
char name[PCI_ADDR_LEN]; /* domain:bus:slot.function */ char name[PCI_ADDR_LEN]; /* domain:bus:slot.function */
char id[PCI_ID_LEN]; /* product vendor */ char id[PCI_ID_LEN]; /* product vendor */
char path[PATH_MAX]; char *path;
int fd; int fd;
unsigned initted; unsigned initted;
...@@ -1307,10 +1307,21 @@ pciGetDevice(unsigned domain, ...@@ -1307,10 +1307,21 @@ pciGetDevice(unsigned domain,
dev->slot = slot; dev->slot = slot;
dev->function = function; dev->function = function;
snprintf(dev->name, sizeof(dev->name), "%.4x:%.2x:%.2x.%.1x", if (snprintf(dev->name, sizeof(dev->name), "%.4x:%.2x:%.2x.%.1x",
dev->domain, dev->bus, dev->slot, dev->function); dev->domain, dev->bus, dev->slot,
snprintf(dev->path, sizeof(dev->path), dev->function) >= sizeof(dev->name)) {
PCI_SYSFS "devices/%s/config", dev->name); pciReportError(VIR_ERR_INTERNAL_ERROR,
_("dev->name buffer overflow: %.4x:%.2x:%.2x.%.1x"),
dev->domain, dev->bus, dev->slot, dev->function);
pciFreeDevice(dev);
return NULL;
}
if (virAsprintf(&dev->path, PCI_SYSFS "devices/%s/config",
dev->name) < 0) {
virReportOOMError();
pciFreeDevice(dev);
return NULL;
}
if (access(dev->path, F_OK) != 0) { if (access(dev->path, F_OK) != 0) {
virReportSystemError(errno, virReportSystemError(errno,
...@@ -1334,7 +1345,14 @@ pciGetDevice(unsigned domain, ...@@ -1334,7 +1345,14 @@ pciGetDevice(unsigned domain,
} }
/* strings contain '0x' prefix */ /* strings contain '0x' prefix */
snprintf(dev->id, sizeof(dev->id), "%s %s", &vendor[2], &product[2]); if (snprintf(dev->id, sizeof(dev->id), "%s %s", &vendor[2],
&product[2]) >= sizeof(dev->id)) {
pciReportError(VIR_ERR_INTERNAL_ERROR,
_("dev->id buffer overflow: %s %s"),
&vendor[2], &product[2]);
pciFreeDevice(dev);
return NULL;
}
VIR_FREE(product); VIR_FREE(product);
VIR_FREE(vendor); VIR_FREE(vendor);
...@@ -1351,6 +1369,7 @@ pciFreeDevice(pciDevice *dev) ...@@ -1351,6 +1369,7 @@ pciFreeDevice(pciDevice *dev)
return; return;
VIR_DEBUG("%s %s: freeing", dev->id, dev->name); VIR_DEBUG("%s %s: freeing", dev->id, dev->name);
pciCloseConfig(dev); pciCloseConfig(dev);
VIR_FREE(dev->path);
VIR_FREE(dev); VIR_FREE(dev);
} }
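Review bot: The new `dev->id` overflow branch in pciGetDevice returns NULL without releasing `vendor` and `product`, which the success path frees with `VIR_FREE` immediately after the check, so this error path appears to leak both strings. Add `VIR_FREE(product); VIR_FREE(vendor);` before `pciFreeDevice(dev);` in that branch, or route the function's failure exits through a single cleanup label so a newly added check cannot miss a release. The code that allocates the two strings is outside the hunk, so confirm they are heap-owned at this point.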
......