On 9/3/21 11:13 PM, Eric Blake wrote: > On Fri, Sep 03, 2021 at 07:44:47PM +0200, Philippe Mathieu-Daudé wrote: >> Per >> https://discourse.gnome.org/t/port-your-module-from-g-memdup-to-g-memdup2-now/5538 >> >> The old API took the size of the memory to duplicate as a guint, >> whereas most memory functions take memory sizes as a gsize. This >> made it easy to accidentally pass a gsize to g_memdup(). For large >> values, that would lead to a silent truncation of the size from 64 >> to 32 bits, and result in a heap area being returned which is >> significantly smaller than what the caller expects. This can likely >> be exploited in various modules to cause a heap buffer overflow. >> >> Replace g_memdup() by the safer g_memdup2() wrapper. >> >> Signed-off-by: Philippe Mathieu-Daudé <phi...@redhat.com> >> --- >> block/qcow2-bitmap.c | 2 +- >> 1 file changed, 1 insertion(+), 1 deletion(-) >> >> diff --git a/block/qcow2-bitmap.c b/block/qcow2-bitmap.c >> index 8fb47315515..218a0dc712a 100644 >> --- a/block/qcow2-bitmap.c >> +++ b/block/qcow2-bitmap.c >> @@ -1599,7 +1599,7 @@ bool >> qcow2_store_persistent_dirty_bitmaps(BlockDriverState *bs, >> name); >> goto fail; >> } >> - tb = g_memdup(&bm->table, sizeof(bm->table)); >> + tb = g_memdup2(&bm->table, sizeof(bm->table)); > > Trivially safe. It might be worth a comment in the various commit > messages for which patches are trivially safe (because the argument > was directly from sizeof), and which would require a larger audit of > callers to see if we had any (unlikely) bug (such as patch 3/28).
Yes, will do. > Reviewed-by: Eric Blake <ebl...@redhat.com> Thanks!
