[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Qemu-devel] [PULL 2/4] pci-assign: Fix potential read beyond buffer on
|
From: |
Alex Williamson |
|
Subject: |
[Qemu-devel] [PULL 2/4] pci-assign: Fix potential read beyond buffer on -EBUSY |
|
Date: |
Wed, 26 Feb 2014 11:26:00 -0700 |
|
User-agent: |
StGit/0.17-dirty |
From: Markus Armbruster <address@hidden>
readlink() doesn't write a terminating null byte.
assign_failed_examine() passes the unterminated string to strrchr().
Oops. Terminate it.
Spotted by Coverity.
Signed-off-by: Markus Armbruster <address@hidden>
Reviewed-by: Peter Maydell <address@hidden>
Signed-off-by: Alex Williamson <address@hidden>
---
hw/i386/kvm/pci-assign.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/hw/i386/kvm/pci-assign.c b/hw/i386/kvm/pci-assign.c
index 9686801..a825871 100644
--- a/hw/i386/kvm/pci-assign.c
+++ b/hw/i386/kvm/pci-assign.c
@@ -743,6 +743,7 @@ static void assign_failed_examine(AssignedDevice *dev)
goto fail;
}
+ driver[r] = 0;
ns = strrchr(driver, '/');
if (!ns) {
goto fail;
- [Qemu-devel] [PULL 0/4] vfio update and fix + pci-assign fix, Alex Williamson, 2014/02/26
- [Qemu-devel] [PULL 1/4] vfio: Fix overrun after readlink() fills buffer completely, Alex Williamson, 2014/02/26
- [Qemu-devel] [PULL 2/4] pci-assign: Fix potential read beyond buffer on -EBUSY,
Alex Williamson <=
- [Qemu-devel] [PULL 3/4] qdev-monitor: set DeviceState opts before calling realize, Alex Williamson, 2014/02/26
- [Qemu-devel] [PULL 4/4] vfio: blacklist loading of unstable roms, Alex Williamson, 2014/02/26
- Re: [Qemu-devel] [PULL 0/4] vfio update and fix + pci-assign fix, Alex Williamson, 2014/02/26
- Re: [Qemu-devel] [PULL 0/4] vfio update and fix + pci-assign fix, Peter Maydell, 2014/02/27