On 8/8/19 3:39 PM, Stefan Hajnoczi wrote: > On Wed, Aug 07, 2019 at 12:44:40PM +0530, Balamuruhan S wrote: >> +void python_args_init_cast_int(char *args[], int arg, int pos) >> +{ >> + args[pos]= malloc(sizeof(int)); >> + sprintf(args[pos], "%d", arg); >> +} > This is broken. args[pos] is a (possibly NULL) pointer to 4 bytes. > sprintf() will buffer overflow if arg has more than 3 digits. > > A correct way to do this is: > > args[pos] = g_strdup_printf("%d", arg);
Thanks for correcting it. > >> +void python_args_init_cast_long(char *args[], uint64_t arg, int pos) >> +{ >> + args[pos]= g_malloc(sizeof(uint64_t) * 2); >> + sprintf(args[pos], "%lx", arg); >> +} > Same issue. > >> +void python_args_clean(char *args[], int nargs) >> +{ >> + for (int i = 0; i < nargs; i++) { >> + g_free(args[i]); >> + } >> +} > Mixing malloc() and g_free() is unsafe. If you switch to > g_strdup_printf() then g_free() is correct. sure, I will fix it.
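Review bot: In python_args_init_cast_int the allocation is also unchecked and undersized even beyond the three-digit case Stefan mentions: an int can print as "-2147483648", which needs 12 bytes including the terminator, while sizeof(int) gives 4. Switching to `args[pos] = g_strdup_printf("%d", arg);` sizes the buffer from the formatted result and aborts on allocation failure instead of letting sprintf() write through a NULL pointer. Style nit in the same hunk: `args[pos]= malloc(...)` is missing the space before `=`.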
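Review bot: python_args_init_cast_long has an off-by-one in the worst case and a portability problem. `g_malloc(sizeof(uint64_t) * 2)` gives 16 bytes, but a full 64-bit value prints as 16 hex digits and sprintf() then writes a 17th byte for the NUL terminator. "%lx" is also only correct for uint64_t where long is 64 bits; the portable form is `args[pos] = g_strdup_printf("%" PRIx64, arg);` with `<inttypes.h>` included, which removes the manual size calculation as well.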
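Review bot: python_args_clean frees every slot from 0 to nargs - 1 and so relies on the caller having filled each one; g_free(NULL) is harmless, but g_free() on an indeterminate pointer from an unpopulated slot is not. Either require callers to zero-initialise the array (and say so in a comment above the function) or have the init helpers fill slots in order with nargs tracking the count actually set. Setting `args[i] = NULL;` after the `g_free(args[i]);` would also make a double call of python_args_clean safe.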