On 02/03/2014 06:34 PM, Daniel P. Berrange wrote:
> On Mon, Feb 03, 2014 at 06:00:42PM +0800, Chen Gang wrote:
>> We cannot assume "'path' + 'ctx->fs_root'" must be less than MAX_PATH,
>> so we need to use snprintf() instead of sprintf().
>>
>> Also recommend using ARRAY_SIZE instead of a hard-coded macro for an
>> array size in snprintf().
> 
> In the event that there is overflow this will cause the data to be
> truncated, potentially causing QEMU to access the wrong file on the
> host. Both snprintf and sprintf are really bad because of their
> use of fixed buffers. Better to change it to g_strdup_printf which
> dynamically allocates buffers.
> 

That sounds reasonable to me, I will send patch v2 for it.


Thanks.
-- 
Chen Gang

Open, share and attitude like air, water and life which God blessed
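
Added example, not part of this thread or of the QEMU patch: it shows the truncation problem described in the reply above and a dynamically sized alternative. The names `join_fixed`, `join_dynamic`, `DEMO_PATH_MAX` and the sample paths are constructed for illustration, and plain C `snprintf(NULL, 0, ...)` sizing stands in for `g_strdup_printf`.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define DEMO_PATH_MAX 32   /* small constructed limit so truncation is easy to see */

/* Fixed-buffer join: returns 0 on success, -1 if the result did not fit.
 * Without the return-value check, buf silently holds a shorter path. */
static int join_fixed(char *buf, size_t size, const char *root, const char *path)
{
    int n = snprintf(buf, size, "%s/%s", root, path);
    return (n < 0 || (size_t)n >= size) ? -1 : 0;
}

/* Dynamic join: size the buffer from the inputs so nothing is truncated.
 * Standard-C stand-in for g_strdup_printf(); the caller frees the result. */
static char *join_dynamic(const char *root, const char *path)
{
    int n = snprintf(NULL, 0, "%s/%s", root, path);
    if (n < 0)
        return NULL;
    char *out = malloc((size_t)n + 1);
    if (out)
        snprintf(out, (size_t)n + 1, "%s/%s", root, path);
    return out;
}

int main(void)
{
    const char *root = "/srv/export";                /* constructed fs_root */
    const char *path = "guest/data/report-2014.txt"; /* constructed guest path */
    char buf[DEMO_PATH_MAX];

    /* The truncated string is still a valid-looking path to a different file. */
    if (join_fixed(buf, sizeof(buf), root, path) < 0)
        printf("fixed buffer truncated to: %s\n", buf);

    char *full = join_dynamic(root, path);
    if (!full)
        return 1;
    printf("dynamic result:            %s\n", full);
    free(full);
    return 0;
}
```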
