From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from eggs.gnu.org ([2001:4830:134:3::10]:57236) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1aW5Gm-00026l-Ut for qemu-devel@nongnu.org; Wed, 17 Feb 2016 11:48:05 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1aW5Gm-0003tk-2F for qemu-devel@nongnu.org; Wed, 17 Feb 2016 11:48:04 -0500 Received: from mx1.redhat.com ([209.132.183.28]:48271) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1aW5Gl-0003te-Ss for qemu-devel@nongnu.org; Wed, 17 Feb 2016 11:48:03 -0500 From: marcandre.lureau@redhat.com Date: Wed, 17 Feb 2016 17:47:54 +0100 Message-Id: <1455727675-20625-5-git-send-email-marcandre.lureau@redhat.com> In-Reply-To: <1455727675-20625-1-git-send-email-marcandre.lureau@redhat.com> References: <1455727675-20625-1-git-send-email-marcandre.lureau@redhat.com> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Subject: [Qemu-devel] [PATCH 4/5] qga: fix off-by-one length check List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: qemu-devel@nongnu.org Cc: =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= , lersek@redhat.com, mdroth@linux.vnet.ibm.com From: Marc-Andr=C3=A9 Lureau Laszlo Ersek said: "The length check is off by one (in the safe direction= ); it should be (nchars >=3D 2). The processing should be active for the wide s= tring L"\r\n" -- resulting in the empty wide string --, I believe." Reported-by: Laszlo Ersek Signed-off-by: Marc-Andr=C3=A9 Lureau --- qga/commands-win32.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/qga/commands-win32.c b/qga/commands-win32.c index b20f107..ae8cf3d 100644 --- a/qga/commands-win32.c +++ b/qga/commands-win32.c @@ -1266,7 +1266,7 @@ get_net_error_message(gint error) if (msg !=3D NULL) { nchars =3D wcslen(msg); =20 - if (nchars > 2 && + if (nchars >=3D 2 && msg[nchars - 1] =3D=3D L'\n' && msg[nchars - 2] =3D=3D L'\r') { msg[nchars - 2] =3D L'\0'; --=20 2.5.0