[PULL 15/22] vfio/pci: Fix buffer overrun when writing the VF token

qemu-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[PULL 15/22] vfio/pci: Fix buffer overrun when writing the VF token

From:	Cédric Le Goater
Subject:	[PULL 15/22] vfio/pci: Fix buffer overrun when writing the VF token
Date:	Mon, 6 Nov 2023 15:36:46 +0100

qemu_uuid_unparse() includes a trailing NUL when writing the uuid
string and the buffer size should be UUID_FMT_LEN + 1 bytes. Use the
recently added UUID_STR_LEN which defines the correct size.

Fixes: CID 1522913
Fixes: 2dca1b37a760 ("vfio/pci: add support for VF token")
Cc: Alex Williamson <alex.williamson@redhat.com>
Reviewed-by: Alex Williamson <alex.williamson@redhat.com>
Reviewed-by: Juan Quintela <quintela@redhat.com>
Reviewed-by: "Denis V. Lunev" <den@openvz.org>
Signed-off-by: Cédric Le Goater <clg@redhat.com>
---
 hw/vfio/pci.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/vfio/pci.c b/hw/vfio/pci.c
index 
b27011cee72a0fb3b2d57d297c0b5c2ccff9d9a6..c62c02f7b692c98bba1b931ebb1a4254a7f56061
 100644
--- a/hw/vfio/pci.c
+++ b/hw/vfio/pci.c
@@ -3081,7 +3081,7 @@ static void vfio_realize(PCIDevice *pdev, Error **errp)
     struct stat st;
     int i, ret;
     bool is_mdev;
-    char uuid[UUID_FMT_LEN];
+    char uuid[UUID_STR_LEN];
     char *name;
 
     if (!vbasedev->sysfsdev) {
-- 
2.41.0

[Prev in Thread]

Current Thread

[Next in Thread]

[PULL 03/22] vfio: Collect container iova range info, (continued)
- [PULL 03/22] vfio: Collect container iova range info, Cédric Le Goater, 2023/11/06
- [PULL 08/22] range: Introduce range_inverse_array(), Cédric Le Goater, 2023/11/06
- [PULL 09/22] virtio-iommu: Record whether a probe request has been issued, Cédric Le Goater, 2023/11/06
  - Re: [PULL 09/22] virtio-iommu: Record whether a probe request has been issued, Peter Maydell, 2023/11/09
    - Re: [PULL 09/22] virtio-iommu: Record whether a probe request has been issued, Eric Auger, 2023/11/09
- [PULL 10/22] virtio-iommu: Implement set_iova_ranges() callback, Cédric Le Goater, 2023/11/06
- [PULL 12/22] test: Add some tests for range and resv-mem helpers, Cédric Le Goater, 2023/11/06
- [PULL 11/22] virtio-iommu: Consolidate host reserved regions and property set ones, Cédric Le Goater, 2023/11/06
- [PULL 13/22] hw/pci: modify pci_setup_iommu() to set PCIIOMMUOps, Cédric Le Goater, 2023/11/06
- [PULL 14/22] util/uuid: Add UUID_STR_LEN definition, Cédric Le Goater, 2023/11/06
- [PULL 15/22] vfio/pci: Fix buffer overrun when writing the VF token, Cédric Le Goater <=
- [PULL 16/22] util/uuid: Remove UUID_FMT_LEN, Cédric Le Goater, 2023/11/06
- [PULL 17/22] util/uuid: Define UUID_STR_LEN from UUID_NONE string, Cédric Le Goater, 2023/11/06
- [PULL 18/22] vfio/container: Move IBM EEH related functions into spapr_pci_vfio.c, Cédric Le Goater, 2023/11/06
- [PULL 19/22] vfio/container: Move vfio_container_add/del_section_window into spapr.c, Cédric Le Goater, 2023/11/06
- [PULL 20/22] vfio/container: Move spapr specific init/deinit into spapr.c, Cédric Le Goater, 2023/11/06
- [PULL 21/22] vfio/spapr: Make vfio_spapr_create/remove_window static, Cédric Le Goater, 2023/11/06
- [PULL 22/22] vfio/common: Move vfio_host_win_add/del into spapr.c, Cédric Le Goater, 2023/11/06
- Re: [PULL 00/22] vfio queue, Stefan Hajnoczi, 2023/11/06

Prev by Date: [PULL 14/22] util/uuid: Add UUID_STR_LEN definition
Next by Date: [PULL 16/22] util/uuid: Remove UUID_FMT_LEN
Previous by thread: [PULL 14/22] util/uuid: Add UUID_STR_LEN definition
Next by thread: [PULL 16/22] util/uuid: Remove UUID_FMT_LEN
Index(es):
- Date
- Thread