mirrors/qemu
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

target-ppc: kvm: Fix memory overflow issue about strncat()

Browse Source 
strncat() will append additional '\0' to destination buffer, so need
additional 1 byte for it, or may cause memory overflow, just like other
area within QEMU have done.

And can use g_strdup_printf() instead of strncat(), which may be more
easier understanding.

Signed-off-by: Chen Gang <gang.chen.5i5j@gmail.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
This commit is contained in:
Chen Gang 2014-10-15 21:48:07 +08:00 committed by Alexander Graf
parent f58aa48314
commit cc64b1a194
1 changed files with 4 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
target-ppc/kvm.c
View File

@ -1782,7 +1782,7 @@ static int kvmppc_find_cpu_dt(char *buf, int buf_len)
* format) */ * format) */
static uint64_t kvmppc_read_int_cpu_dt(const char *propname) static uint64_t kvmppc_read_int_cpu_dt(const char *propname)
{ {
char buf[PATH_MAX]; char buf[PATH_MAX], *tmp;
union { union {
uint32_t v32; uint32_t v32;
uint64_t v64; uint64_t v64;
@ -1794,10 +1794,10 @@ static uint64_t kvmppc_read_int_cpu_dt(const char *propname)
return -1; return -1;
} }
strncat(buf, "/", sizeof(buf) - strlen(buf)); tmp = g_strdup_printf("%s/%s", buf, propname);
strncat(buf, propname, sizeof(buf) - strlen(buf));
f = fopen(buf, "rb"); f = fopen(tmp, "rb");
g_free(tmp);
if (!f) { if (!f) {
return -1; return -1;
} }