From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from eggs.gnu.org ([2001:4830:134:3::10]:41803) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1bAKUh-0005TJ-3Z for qemu-devel@nongnu.org; Tue, 07 Jun 2016 13:08:48 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1bAKUb-00079a-Qm for qemu-devel@nongnu.org; Tue, 07 Jun 2016 13:08:45 -0400 Received: from mail-wm0-x243.google.com ([2a00:1450:400c:c09::243]:35468) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1bAKUb-00079V-JZ for qemu-devel@nongnu.org; Tue, 07 Jun 2016 13:08:41 -0400 Received: by mail-wm0-x243.google.com with SMTP id k184so19386842wme.2 for ; Tue, 07 Jun 2016 10:08:41 -0700 (PDT) Sender: Paolo Bonzini From: Paolo Bonzini Date: Tue, 7 Jun 2016 19:08:34 +0200 Message-Id: <1465319317-50519-2-git-send-email-pbonzini@redhat.com> In-Reply-To: <1465319317-50519-1-git-send-email-pbonzini@redhat.com> References: <1465319317-50519-1-git-send-email-pbonzini@redhat.com> Subject: [Qemu-devel] [PULL 06/13] scsi: megasas: null terminate bios version buffer List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: qemu-devel@nongnu.org Cc: Prasad J Pandit From: Prasad J Pandit While reading information via 'megasas_ctrl_get_info' routine, a local bios version buffer isn't null terminated. Add the terminating null byte to avoid any OOB access. Reported-by: Li Qiang Reviewed-by: Peter Maydell Signed-off-by: Prasad J Pandit Signed-off-by: Paolo Bonzini --- hw/scsi/megasas.c | 1 + 1 file changed, 1 insertion(+) diff --git a/hw/scsi/megasas.c b/hw/scsi/megasas.c index cc66d36..a9ffc32 100644 --- a/hw/scsi/megasas.c +++ b/hw/scsi/megasas.c @@ -773,6 +773,7 @@ static int megasas_ctrl_get_info(MegasasState *s, MegasasCmd *cmd) ptr = memory_region_get_ram_ptr(&pci_dev->rom); memcpy(biosver, ptr + 0x41, 31); + biosver[31] = 0; memcpy(info.image_component[1].name, "BIOS", 4); memcpy(info.image_component[1].version, biosver, strlen((const char *)biosver)); -- 1.8.3.1