From: Kevin Wolf <kwolf@redhat.com>
To: qemu-devel@nongnu.org
Cc: kwolf@redhat.com
Subject: [Qemu-devel] [PATCH 7/7] vmdk: Fix possible segfaults
Date: Wed, 26 Oct 2011 14:31:22 +0200
Message-ID: <1319632282-22725-8-git-send-email-kwolf@redhat.com>
In-Reply-To: <1319632282-22725-1-git-send-email-kwolf@redhat.com>

Data we read from the disk isn't necessarily null terminated and may not
contain the string we're looking for. The code needs to be a bit more careful
here.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
---
 block/vmdk.c |    7 ++++++-
 1 files changed, 6 insertions(+), 1 deletions(-)

diff --git a/block/vmdk.c b/block/vmdk.c
index fa0e8bd..8caaf0b 100644
--- a/block/vmdk.c
+++ b/block/vmdk.c
@@ -227,6 +227,7 @@ static uint32_t vmdk_read_cid(BlockDriverState *bs, int parent)
         cid_str_size = sizeof("CID");
     }
 
+    desc[DESC_SIZE - 1] = '\0';
     p_name = strstr(desc, cid_str);
     if (p_name != NULL) {
         p_name += cid_str_size;
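Review bot: the `desc[DESC_SIZE - 1] = '\0'` write bounds the `strstr(desc, cid_str)` below it, but it overwrites the last byte that was read from the descriptor, and the subsequent `p_name += cid_str_size` can still step one byte past the buffer: `cid_str_size` is `sizeof("CID")` (4, including the NUL) while the match itself is 3 bytes, so a match ending at `desc[DESC_SIZE - 2]` leaves `p_name` at `desc + DESC_SIZE` before whatever parses it next. Suggest guarding the advance with a bounds check such as `if (p_name != NULL && p_name + cid_str_size < desc + DESC_SIZE)`, and adding a one-line comment explaining that the last descriptor byte is deliberately sacrificed to guarantee termination.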
@@ -243,13 +244,17 @@ static int vmdk_write_cid(BlockDriverState *bs, uint32_t cid)
     BDRVVmdkState *s = bs->opaque;
     int ret;
 
-    memset(desc, 0, sizeof(desc));
     ret = bdrv_pread(bs->file, s->desc_offset, desc, DESC_SIZE);
     if (ret < 0) {
         return ret;
     }
 
+    desc[DESC_SIZE - 1] = '\0';
     tmp_str = strstr(desc, "parentCID");
+    if (tmp_str == NULL) {
+        return -EINVAL;
+    }
+
     pstrcpy(tmp_desc, sizeof(tmp_desc), tmp_str);
     p_name = strstr(desc, "CID");
     if (p_name != NULL) {
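Review bot: dropping the `memset(desc, 0, sizeof(desc))` is only safe if `bdrv_pread` fills all `DESC_SIZE` bytes whenever it returns `ret >= 0`; on a short read the bytes between the data and the new terminator at `desc[DESC_SIZE - 1]` would be uninitialised and `strstr` would scan them, which reintroduces the class of bug this patch fixes. If the full-read guarantee holds, a comment beside the terminator stating it would justify the removal; otherwise keep the memset. The new `if (tmp_str == NULL) return -EINVAL;` correctly closes the NULL dereference in `pstrcpy(tmp_desc, sizeof(tmp_desc), tmp_str)`, but since a descriptor without `parentCID` is malformed on-disk input it would help operators to log or report why the write was rejected rather than returning a bare `-EINVAL`.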
-- 
1.7.6.4
