Skip to content
Snippets Groups Projects
Commit f8324611 authored by Peter Maydell's avatar Peter Maydell Committed by Philippe Mathieu-Daudé
Browse files

hw/usb/hcd-xhci: Avoid variable-length array in xhci_get_port_bandwidth() 


In xhci_get_port_bandwidth(), we use a variable-length array to
construct the buffer to send back to the guest. Avoid the VLA
by using dma_memory_set() to directly request the memory system
to fill the guest memory with a string of '80's.

The codebase has very few VLAs, and if we can get rid of them all we
can make the compiler error on new additions.  This is a defensive
measure against security bugs where an on-stack dynamic allocation
isn't correctly size-checked (e.g.  CVE-2021-3527).

Signed-off-by: default avatarPeter Maydell <peter.maydell@linaro.org>
Reviewed-by: default avatarPhilippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: default avatarPhilippe Mathieu-Daudé <philmd@linaro.org>
Message-ID: <20230824164818.2652452-1-peter.maydell@linaro.org>
parent 2a8537cf
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
Showing
with 4 additions and 6 deletions
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment