On Fri, Sep 03, 2021 at 07:44:47PM +0200, Philippe Mathieu-Daudé wrote: > Per > https://discourse.gnome.org/t/port-your-module-from-g-memdup-to-g-memdup2-now/5538 > > The old API took the size of the memory to duplicate as a guint, > whereas most memory functions take memory sizes as a gsize. This > made it easy to accidentally pass a gsize to g_memdup(). For large > values, that would lead to a silent truncation of the size from 64 > to 32 bits, and result in a heap area being returned which is > significantly smaller than what the caller expects. This can likely > be exploited in various modules to cause a heap buffer overflow. > > Replace g_memdup() by the safer g_memdup2() wrapper. > > Signed-off-by: Philippe Mathieu-Daudé <phi...@redhat.com> > --- > block/qcow2-bitmap.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/block/qcow2-bitmap.c b/block/qcow2-bitmap.c > index 8fb47315515..218a0dc712a 100644 > --- a/block/qcow2-bitmap.c > +++ b/block/qcow2-bitmap.c > @@ -1599,7 +1599,7 @@ bool > qcow2_store_persistent_dirty_bitmaps(BlockDriverState *bs, > name); > goto fail; > } > - tb = g_memdup(&bm->table, sizeof(bm->table)); > + tb = g_memdup2(&bm->table, sizeof(bm->table));
Trivially safe. It might be worth a comment in the various commit messages for which patches are trivially safe (because the argument was directly from sizeof), and which would require a larger audit of callers to see if we had any (unlikely) bug (such as patch 3/28). Reviewed-by: Eric Blake <ebl...@redhat.com> -- Eric Blake, Principal Software Engineer Red Hat, Inc. +1-919-301-3266 Virtualization: qemu.org | libvirt.org
