[PULL 1/9] hw/loongarch/boot.c: fix out-of-bound reading

qemu-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[PULL 1/9] hw/loongarch/boot.c: fix out-of-bound reading

From:	Song Gao
Subject:	[PULL 1/9] hw/loongarch/boot.c: fix out-of-bound reading
Date:	Thu, 11 Jul 2024 15:48:21 +0800

From: Dmitry Frolov <frolov@swemel.ru>

memcpy() is trying to READ 512 bytes from memory,
pointed by info->kernel_cmdline,
which was (presumable) allocated by g_strdup("");
Found with ASAN, making check with enabled sanitizers.

Signed-off-by: Dmitry Frolov <frolov@swemel.ru>
Reviewed-by: Song Gao <gaosong@loongson.cn>
Message-Id: <20240628123910.577740-1-frolov@swemel.ru>
Signed-off-by: Song Gao <gaosong@loongson.cn>
---
 hw/loongarch/boot.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/loongarch/boot.c b/hw/loongarch/boot.c
index b8e1aa18d5..cb668703bd 100644
--- a/hw/loongarch/boot.c
+++ b/hw/loongarch/boot.c
@@ -163,7 +163,7 @@ static void init_cmdline(struct loongarch_boot_info *info, 
void *p, void *start)
     info->a0 = 1;
     info->a1 = cmdline_addr;
 
-    memcpy(p, info->kernel_cmdline, COMMAND_LINE_SIZE);
+    g_strlcpy(p, info->kernel_cmdline, COMMAND_LINE_SIZE);
 }
 
 static uint64_t cpu_loongarch_virt_to_phys(void *opaque, uint64_t addr)
-- 
2.34.1

[Prev in Thread]

Current Thread

[Next in Thread]

[PULL 0/9] loongarch-to-apply queue, Song Gao, 2024/07/11
- [PULL 7/9] target/loongarch: Remove avail_64 in trans_srai_w() and simplify it, Song Gao, 2024/07/11
- [PULL 5/9] MAINTAINERS: Add myself as a reviewer of LoongArch virt machine, Song Gao, 2024/07/11
- [PULL 4/9] hw/loongarch/virt: Remove unused assignment, Song Gao, 2024/07/11
- [PULL 9/9] target/loongarch: Fix cpu_reset set wrong CSR_CRMD, Song Gao, 2024/07/11
- [PULL 1/9] hw/loongarch/boot.c: fix out-of-bound reading, Song Gao <=
- [PULL 3/9] hw/loongarch: Modify flash block size to 256K, Song Gao, 2024/07/11
- [PULL 2/9] hw/loongarch: Change the tpm support by default, Song Gao, 2024/07/11
- [PULL 8/9] target/loongarch: Set CSR_PRCFG1 and CSR_PRCFG2 values, Song Gao, 2024/07/11
- [PULL 6/9] target/loongarch/kvm: Add software breakpoint support, Song Gao, 2024/07/11
- Re: [PULL 0/9] loongarch-to-apply queue, Philippe Mathieu-Daudé, 2024/07/11
  - Re: [PULL 0/9] loongarch-to-apply queue, gaosong, 2024/07/11
    - Re: [PULL 0/9] loongarch-to-apply queue, Philippe Mathieu-Daudé, 2024/07/12
  - Re: [PULL 0/9] loongarch-to-apply queue, lixianglai, 2024/07/12
    - Re: [PULL 0/9] loongarch-to-apply queue, gaosong, 2024/07/18

Prev by Date: [PULL 9/9] target/loongarch: Fix cpu_reset set wrong CSR_CRMD
Next by Date: [PULL 3/9] hw/loongarch: Modify flash block size to 256K
Previous by thread: [PULL 9/9] target/loongarch: Fix cpu_reset set wrong CSR_CRMD
Next by thread: [PULL 3/9] hw/loongarch: Modify flash block size to 256K
Index(es):
- Date
- Thread