-
Peter Maydell authoredWe use a variable-length array in inet_get_free_port_multiple(). This is only test code called at the start of a test, so switch to a heap allocation instead. The codebase has very few VLAs, and if we can get rid of them all we can make the compiler error on new additions. This is a defensive measure against security bugs where an on-stack dynamic allocation isn't correctly size-checked (e.g. CVE-2021-3527). Signed-off-by:
Peter Maydell <peter.maydell@linaro.org>
Message-Id: <20230824164535.2652070-1-peter.maydell@linaro.org>
Reviewed-by: Laurent Vivier <lvivier@redhat.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Thomas Huth <thuth@redhat.com>Peter Maydell authoredWe use a variable-length array in inet_get_free_port_multiple(). This is only test code called at the start of a test, so switch to a heap allocation instead. The codebase has very few VLAs, and if we can get rid of them all we can make the compiler error on new additions. This is a defensive measure against security bugs where an on-stack dynamic allocation isn't correctly size-checked (e.g. CVE-2021-3527). Signed-off-by:
Peter Maydell <peter.maydell@linaro.org>
Message-Id: <20230824164535.2652070-1-peter.maydell@linaro.org>
Reviewed-by: Laurent Vivier <lvivier@redhat.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Thomas Huth <thuth@redhat.com>
Loading