[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Qemu-devel] [PATCH v2] target-ppc: kvm: Fix memory overflow issue about
From: |
Chen Gang |
Subject: |
[Qemu-devel] [PATCH v2] target-ppc: kvm: Fix memory overflow issue about strncat() |
Date: |
Wed, 15 Oct 2014 21:48:07 +0800 |
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130625 Thunderbird/17.0.7 |
strncat() will append additional '\0' to destination buffer, so need
additional 1 byte for it, or may cause memory overflow, just like other
area within QEMU have done.
And can use g_strdup_printf() instead of strncat(), which may be more
easier understanding.
Signed-off-by: Chen Gang <address@hidden>
---
target-ppc/kvm.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/target-ppc/kvm.c b/target-ppc/kvm.c
index 66e7ce5..cea6a87 100644
--- a/target-ppc/kvm.c
+++ b/target-ppc/kvm.c
@@ -1782,7 +1782,7 @@ static int kvmppc_find_cpu_dt(char *buf, int buf_len)
* format) */
static uint64_t kvmppc_read_int_cpu_dt(const char *propname)
{
- char buf[PATH_MAX];
+ char buf[PATH_MAX], *tmp;
union {
uint32_t v32;
uint64_t v64;
@@ -1794,10 +1794,10 @@ static uint64_t kvmppc_read_int_cpu_dt(const char
*propname)
return -1;
}
- strncat(buf, "/", sizeof(buf) - strlen(buf));
- strncat(buf, propname, sizeof(buf) - strlen(buf));
+ tmp = g_strdup_printf("%s/%s", buf, propname);
- f = fopen(buf, "rb");
+ f = fopen(tmp, "rb");
+ g_free(tmp);
if (!f) {
return -1;
}
--
1.9.3
- [Qemu-devel] [PATCH v2] target-ppc: kvm: Fix memory overflow issue about strncat(),
Chen Gang <=