[PULL 5/5] scsi: fix allocation for s390x loadparm
From: Paolo Bonzini
Subject: [PULL 5/5] scsi: fix allocation for s390x loadparm
Date: Wed, 20 Nov 2024 08:27:23 +0100
Coverity reports a possible buffer overrun due to a non-NUL-terminated
string in scsi_property_set_loadparm(). While things are not so easy,
because qdev_prop_sanitize_s390x_loadparm is designed to operate on a
buffer that is not NUL-terminated, in this case the string *does* have
to be NUL-terminated because it is read by scsi_property_get_loadparm
and s390_build_iplb.
Reviewed-by: jrossi@linux.ibm.com
Cc: thuth@redhat.com
Fixes: 429442e52d9 ("hw: Add "loadparm" property to scsi disk devices for
booting on s390x", 2024-11-18)
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
hw/scsi/scsi-disk.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/hw/scsi/scsi-disk.c b/hw/scsi/scsi-disk.c
index 8e553487d50..7f13b0588f2 100644
--- a/hw/scsi/scsi-disk.c
+++ b/hw/scsi/scsi-disk.c
@@ -3152,7 +3152,7 @@ static void scsi_property_set_loadparm(Object *obj, const
char *value,
return;
}
- lp_str = g_malloc0(strlen(value));
+ lp_str = g_malloc0(strlen(value) + 1);
if (!qdev_prop_sanitize_s390x_loadparm(lp_str, value, errp)) {
g_free(lp_str);
return;
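Review bot: The `+ 1` on the `g_malloc0(strlen(value) + 1)` line carries the whole fix but nothing at the call site says why it is there. Termination of `lp_str` now depends on two things this hunk does not show: the zero fill from `g_malloc0`, and `qdev_prop_sanitize_s390x_loadparm` never writing into the final byte. Since the commit message notes that the sanitizer is designed for buffers that are not NUL-terminated, a one-line comment at the allocation saying the extra byte is the terminator needed by scsi_property_get_loadparm and s390_build_iplb would keep a later cleanup from dropping it or swapping in a non-zeroing allocator.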
--
2.47.0