audio/jackaudio: Avoid dynamic stack allocation in qjack_client_init
Avoid a dynamic stack allocation in qjack_client_init(), by using
a g_autofree heap allocation instead.

(We stick with allocate + snprintf() because the JACK API requires
the name to be no more than its maximum size, so g_strdup_printf()
would require an extra truncation step.)

The codebase has very few VLAs, and if we can get rid of them all we
can make the compiler error on new additions.  This is a defensive
measure against security bugs where an on-stack dynamic allocation
isn't correctly size-checked (e.g.  CVE-2021-3527).

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Francisco Iglesias <frasse.iglesias@gmail.com>
Reviewed-by: Christian Schoenebeck <qemu_oss@crudebyte.com>
Message-id: 20230818155846.1651287-2-peter.maydell@linaro.org
pm215 committed Sep 21, 2023
1 parent 706a92f commit d71c3d3
Showing 1 changed file with 3 additions and 2 deletions.
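The pattern the commit describes, written out as an added example (not QEMU's code and not JACK's API): a fixed-size heap buffer freed automatically at scope exit replaces a VLA, the `snprintf()` bound is the same value used for the allocation, and the `snprintf()` return value is used to detect truncation. `autofree` is a stand-in for GLib's `g_autofree` built on the GCC/Clang `cleanup` attribute so the example needs no GLib, and `fake_client_name_size()` is a hypothetical stand-in for `jack_client_name_size()`; the JACK limit of 33 bytes including the NUL is assumed for illustration.

```c
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/*
 * Stand-in for GLib's g_autofree (assumption: this example avoids a GLib
 * dependency).  The pointer is free()d when it goes out of scope, on every
 * return path, which is what makes the heap buffer as convenient as a VLA.
 */
static void autofree_cleanup(void *pp)
{
    free(*(void **)pp);
}
#define autofree __attribute__((cleanup(autofree_cleanup)))

/* Hypothetical stand-in for jack_client_name_size(): limit INCLUDING the NUL. */
static int fake_client_name_size(void)
{
    return 33;
}

/*
 * Format "<dir>-<name>" into a heap buffer of exactly name_size bytes, the
 * way the patched qjack_client_init() does, then copy the result into out.
 *
 * Before the patch the buffer would have been a VLA:
 *     char client_name[fake_client_name_size()];
 * which `-Werror=vla` rejects at compile time.
 *
 * Returns the length snprintf() wanted to write (or -1 on allocation
 * failure), so the caller can detect truncation instead of silently
 * accepting a shortened name.
 */
int format_client_name(const char *dir, const char *name,
                       char *out, size_t out_len)
{
    int name_size = fake_client_name_size();            /* includes NUL */
    autofree char *client_name = malloc((size_t)name_size); /* heap, not VLA */
    if (!client_name) {
        return -1;
    }

    /* Same bound as the allocation: snprintf() can never write past it. */
    int needed = snprintf(client_name, (size_t)name_size, "%s-%s", dir, name);

    snprintf(out, out_len, "%s", client_name);
    return needed;  /* client_name is freed here by the cleanup attribute */
}

/* True if "<dir>-<name>" does not fit in the (assumed) JACK name limit. */
bool client_name_truncated(const char *dir, const char *name)
{
    char buf[64];
    int needed = format_client_name(dir, name, buf, sizeof(buf));
    /* Allocation failure is reported as "unusable" too. */
    return needed < 0 || needed >= fake_client_name_size();
}

int main(void)
{
    /* Constructed sample inputs: one that fits, one that is too long. */
    const char *ok = "qemu";
    const char *too_long = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"; /* 40 chars */
    char buf[64];

    format_client_name("out", ok, buf, sizeof(buf));
    printf("%s truncated=%d\n", buf, client_name_truncated("out", ok));
    format_client_name("in", too_long, buf, sizeof(buf));
    printf("%s truncated=%d\n", buf, client_name_truncated("in", too_long));
    return 0;
}
```

Compiling the VLA form with `cc -Werror=vla` fails, which is the compiler check the commit message has in mind once the last VLA is gone; the heap form compiles cleanly under the same flag. The important invariant is that the `snprintf()` size argument and the allocation size are the same variable, so neither can drift from the other.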
5 changes: 3 additions & 2 deletions audio/jackaudio.c
Expand Up @@ -400,7 +400,8 @@ static void qjack_client_connect_ports(QJackClient *c)
static int qjack_client_init(QJackClient *c)
{
jack_status_t status;
char client_name[jack_client_name_size()];
int client_name_len = jack_client_name_size(); /* includes NUL */
g_autofree char *client_name = g_new(char, client_name_len);
jack_options_t options = JackNullOption;

if (c->state == QJACK_STATE_RUNNING) {
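Review bot: the `/* includes NUL */` comment on `client_name_len` is the assumption the whole allocation rests on, and it should say where it comes from: the JACK API documents `jack_client_name_size()` as returning the maximum client name length including the terminating NUL, so `g_new(char, client_name_len)` is exactly the right size. Because the same variable is later passed as the `snprintf()` bound, an off-by-one in that assumption could only cost a character, never overflow the buffer, which is the point of the change. Also worth noting for the reader that `g_autofree` frees the buffer on every exit from the function, including any early return in the `if (c->state == QJACK_STATE_RUNNING)` block that follows, so the declaration has to stay above that block and no explicit `g_free()` is needed.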
Expand All @@ -409,7 +410,7 @@ static int qjack_client_init(QJackClient *c)

c->connect_ports = true;

snprintf(client_name, sizeof(client_name), "%s-%s",
snprintf(client_name, client_name_len, "%s-%s",
c->out ? "out" : "in",
c->opt->client_name ? c->opt->client_name : audio_application_name());
