On Tue, Mar 13, 2012 at 01:40:12PM +0000, Daniel P. Berrange wrote: > From: "Daniel P. Berrange" <berra...@redhat.com> > > A few functions have very large arrays declared on the stack. > Replace these with heap allocations, to reduce risk of stack > overflows in deep callpaths > --- > gtk/channel-playback.c | 6 ++++-- > gtk/spice-channel.c | 16 ++++++++++++---- > 2 files changed, 16 insertions(+), 6 deletions(-)
Urgh, this patch was a bit messed up - a missing 'g_free' and an unrelated change. Consider this one replaced by the following two patches >From 1faa6949404a7aad64030fd29812749ca9ddabfe Mon Sep 17 00:00:00 2001 From: "Daniel P. Berrange" <berra...@redhat.com> Date: Tue, 13 Mar 2012 13:24:07 +0000 Subject: [PATCH] Remove some large stack allocations A few functions have very large arrays declared on the stack. Replace these with heap allocations, to reduce risk of stack overflows in deep callpaths
--- gtk/channel-playback.c | 8 ++++++-- gtk/spice-channel.c | 13 ++++++++++--- 2 files changed, 16 insertions(+), 5 deletions(-)
diff --git a/gtk/channel-playback.c b/gtk/channel-playback.c
index 32f8b1a..2b28d07 100644
--- a/gtk/channel-playback.c
+++ b/gtk/channel-playback.c
@@ -353,18 +353,22 @@ static void playback_handle_data(SpiceChannel *channel, SpiceMsgIn *in)
 packet->data, packet->data_size); break; case SPICE_AUDIO_DATA_MODE_CELT_0_5_1: {
- celt_int16_t pcm[256 * 2];
+ celt_int16_t *pcm;
+ gsize pcmLen = 256 * 2;
 g_return_if_fail(c->celt_decoder != NULL);
+ pcm = g_new0(celt_int16_t, pcmLen);
 if (celt051_decode(c->celt_decoder, packet->data, packet->data_size, pcm) != CELT_OK) {
+ g_free(pcm);
 g_warning("celt_decode() error"); return; } emit_main_context(channel, SPICE_PLAYBACK_DATA,
- (uint8_t *)pcm, sizeof(pcm));
+ (uint8_t *)pcm, pcmLen);
+ g_free(pcm);
 break; } default:
diff --git a/gtk/spice-channel.c b/gtk/spice-channel.c
index cdc86ba..d53210e 100644
--- a/gtk/spice-channel.c
+++ b/gtk/spice-channel.c 
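Review bot: The size passed to `emit_main_context` on the new `(uint8_t *)pcm, pcmLen` line is an element count, whereas the `sizeof(pcm)` it replaces was a byte count, so the emitted PCM block shrinks from 256 * 2 * sizeof(celt_int16_t) bytes to 512 bytes and the second half of every decoded frame is silently dropped. Use `(uint8_t *)pcm, pcmLen * sizeof(*pcm)`, or keep `pcmLen` in bytes and allocate with `g_malloc0(pcmLen)`. Since `celt051_decode` presumably fills the buffer, the zero-fill from `g_new0` is unnecessary work on a per-packet audio path and `g_new` would do. playback_handle_data starts and ends outside the hunk.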
@@ -941,17 +941,24 @@ static int spice_channel_read_sasl(SpiceChannel *channel, void *data, size_t len
 /* c->sasl_decoded_length, c->sasl_decoded_offset); */ if (c->sasl_decoded == NULL || c->sasl_decoded_length == 0) {
- char encoded[8192]; /* should stay lower than maxbufsize */
+ char *encoded;
+ gsize encodedLen;
 int err, ret;
+ encodedLen = 8192;
+ encoded = g_new0(char, encodedLen);
+ g_warn_if_fail(c->sasl_decoded_offset == 0);
- ret = spice_channel_read_wire(channel, encoded, sizeof(encoded));
- if (ret < 0)
+ ret = spice_channel_read_wire(channel, encoded, encodedLen);
+ if (ret < 0) {
+ g_free(encoded);
 return ret;
+ }
 err = sasl_decode(c->sasl_conn, encoded, ret, &c->sasl_decoded, &c->sasl_decoded_length);
+ g_free(encoded);
 if (err != SASL_OK) { g_warning("Failed to decode SASL data %s", sasl_errstring(err, NULL, NULL)); -- 1.7.7.6 >From a6f86f5ab187ddb057700fa6b6977c336480310b Mon Sep 17 00:00:00 2001 From: "Daniel P. Berrange" <berra...@redhat.com> Date: Tue, 13 Mar 2012 13:49:08 +0000 Subject: [PATCH] Avoid 'goto' jumping over variable initialization When a goto statement jumps over a variable declaration with an initializer, the state of that variable is undefined. Move the declaration further up, so that the goto doesn't jump over it. This lets the compiler then warn, if the goto jump results in use of undefined values.
--- gtk/spice-channel.c | 3 ++- 1 files changed, 2 insertions(+), 1 deletions(-)
diff --git a/gtk/spice-channel.c b/gtk/spice-channel.c
index d53210e..248f387 100644
--- a/gtk/spice-channel.c
+++ b/gtk/spice-channel.c
@@ -1636,6 +1636,7 @@ static void spice_channel_recv_link_msg(SpiceChannel *channel)
 {
 SpiceChannelPrivate *c;
 int rc, num_caps, i;
+ uint32_t *caps;
 g_return_if_fail(channel != NULL);
 g_return_if_fail(channel->priv != NULL); 
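Review bot: The removed `/* should stay lower than maxbufsize */` comment recorded why the wire read is capped at 8192 bytes, and the new `encodedLen = 8192;` line carries no such note, so the constraint is lost for the next person who bumps the constant; keep it as `encodedLen = 8192; /* must stay below the SASL negotiated maxbufsize */`. `g_new0` also zero-fills 8 KiB on every call although `spice_channel_read_wire` overwrites the first `ret` bytes and `sasl_decode` is passed only that length, so `g_new(char, encodedLen)` is sufficient; if the per-read allocation ever shows up in profiles, the buffer could live in SpiceChannelPrivate instead. spice_channel_read_sasl continues outside the hunk; the return inside the `err != SASL_OK` branch is not visible here, but since `g_free(encoded)` now precedes the check that path needs no further cleanup.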
@@ -1673,7 +1674,7 @@ static void spice_channel_recv_link_msg(SpiceChannel *channel)
 /* see original spice/client code: */ /* g_return_if_fail(c->peer_msg + c->peer_msg->caps_offset * sizeof(uint32_t) > c->peer_msg + c->peer_hdr.size); */
- uint32_t *caps = (uint32_t *)((uint8_t *)c->peer_msg + c->peer_msg->caps_offset);
+ caps = (uint32_t *)((uint8_t *)c->peer_msg + c->peer_msg->caps_offset);
 g_array_set_size(c->remote_common_caps, c->peer_msg->num_common_caps); for (i = 0; i < c->peer_msg->num_common_caps; i++, caps++) { -- 1.7.7.6 -- |: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :| |: http://libvirt.org -o- http://virt-manager.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :| _______________________________________________ Spice-devel mailing list Spice-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/spice-devel
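Review bot: The moved `caps = (uint32_t *)((uint8_t *)c->peer_msg + c->peer_msg->caps_offset);` line still derives a pointer from `caps_offset`, a field of the message received from the peer, and the only bounds check in sight is the commented-out `g_return_if_fail` directly above it, while the following loop reads `num_common_caps` words through that pointer. Assuming `c->peer_hdr.size` is the byte length of `c->peer_msg`, as the commented-out check implies, and nothing earlier in spice_channel_recv_link_msg validates these fields, a malformed link message makes the loop read past the received buffer, so a check such as `g_return_if_fail(c->peer_msg->caps_offset <= c->peer_hdr.size && c->peer_msg->num_common_caps <= (c->peer_hdr.size - c->peer_msg->caps_offset) / sizeof(uint32_t));` belongs before the assignment (the disabled version compares in the wrong direction, which may be why it was commented out). Since the previous hunk now declares `caps` at the top of the function precisely so that a `goto` cannot skip it, that declaration should read `uint32_t *caps = NULL;` so no label reached early sees an indeterminate pointer. The function body continues outside both hunks.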