Le 16/07/2017 à 00:24, Philippe Mathieu-Daudé a écrit :
Hi Hervé,
On 07/15/2017 10:28 AM, Hervé Poussineau wrote:
This prevents some host to guest memory content leaks.
Fixes: https://bugs.launchpad.net/qemu/+bug/1599539
Signed-off-by: Hervé Poussineau <hpous...@reactos.org>
---
block/vvfat.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/block/vvfat.c b/block/vvfat.c
index afc6170a69..7340decef3 100644
--- a/block/vvfat.c
+++ b/block/vvfat.c
@@ -115,6 +115,7 @@ static inline int array_ensure_allocated(array_t* array,
int index)
array->pointer = g_realloc(array->pointer, new_size);
if (!array->pointer)
return -1;
isn't it safer:
if (likely(new_size > array->size)) {
Not really, because the code is:
if((index + 1) * array->item_size > array->size) {
int new_size = (index + 32) * array->item_size;
array->pointer = g_realloc(array->pointer, new_size);
if (!array->pointer)
return -1;
array->size = new_size;
array->next = index + 1;
}
array->size is the size (in bytes) of the previous array.
new_size is (index + 32) * item_size
And, due to the "if", we know that (index + 1) * item_size > array->size.
So, new_size > array->size.
+ memset(array->pointer + array->size, 0, new_size - array->size);
}
?
array->size = new_size;
array->next = index + 1;
}
Regards,
Phil.
