qemu-devel

Re: [PATCH] scsi: fix allocation for s390x loadparm


From: Jared Rossi
Subject: Re: [PATCH] scsi: fix allocation for s390x loadparm
Date: Tue, 19 Nov 2024 18:45:30 -0500
User-agent: Mozilla Thunderbird


On 11/19/24 4:31 PM, Paolo Bonzini wrote:
Coverity reports a possible buffer overrun due to a non-NUL-terminated
string in scsi_property_set_loadparm().  While things are not so easy,
because qdev_prop_sanitize_s390x_loadparm is designed to operate on a
buffer that is not NUL-terminated, in this case the string *does* have
to be NUL-terminated because it is read by scsi_property_get_loadparm
and s390_build_iplb.

Cc: jrossi@linux.ibm.com
Cc: thuth@redhat.com
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
  hw/scsi/scsi-disk.c | 2 +-
  1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/scsi/scsi-disk.c b/hw/scsi/scsi-disk.c
index 8e553487d50..7f13b0588f2 100644
--- a/hw/scsi/scsi-disk.c
+++ b/hw/scsi/scsi-disk.c
@@ -3152,7 +3152,7 @@ static void scsi_property_set_loadparm(Object *obj, const 
char *value,
          return;
      }
- lp_str = g_malloc0(strlen(value));
+    lp_str = g_malloc0(strlen(value) + 1);
      if (!qdev_prop_sanitize_s390x_loadparm(lp_str, value, errp)) {
          g_free(lp_str);
          return;
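Review bot: the `+ 1` on the g_malloc0() line carries no comment, and the termination it provides is implicit: it depends on g_malloc0() zero-filling the buffer and on qdev_prop_sanitize_s390x_loadparm() writing no more than strlen(value) bytes into lp_str. A short comment at the allocation saying that the sanitizer does not NUL-terminate its output and that the extra byte is the terminator read later by scsi_property_get_loadparm and s390_build_iplb would keep a future cleanup from dropping it. It would also help to state in the commit message whether the early return in the context above the allocation bounds strlen(value), since the allocation size is taken directly from the caller's string.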
Reviewed-by: Jared Rossi <jrossi@linux.ibm.com>


