qemu-devel.nongnu.org archive mirror
* [Qemu-devel] [PATCH] vmdk: Fix vmdk_parse_extents
@ 2013-10-11  6:04 Fam Zheng
  2013-10-11 11:23 ` Kevin Wolf
  0 siblings, 1 reply; 3+ messages in thread
From: Fam Zheng @ 2013-10-11  6:04 UTC (permalink / raw)
  To: qemu-devel; +Cc: kwolf, stefanha

An extra 'p++' after while loop when *p == '\n' will move p to unknown
data position, risking parsing junk data or memory access violation.

Cc: qemu-stable@nongnu.org
Signed-off-by: Fam Zheng <famz@redhat.com>
---
 block/vmdk.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/block/vmdk.c b/block/vmdk.c
index 5d56e31..f2dda21 100644
--- a/block/vmdk.c
+++ b/block/vmdk.c
@@ -760,10 +760,13 @@ static int vmdk_parse_extents(const char *desc, BlockDriverState *bs,
         }
 next_line:
         /* move to next line */
-        while (*p && *p != '\n') {
+        while (*p) {
             p++;
+            if (*p == '\n') {
+                p++;
+                break;
+            }
         }
-        p++;
     }
     return 0;
 }
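
Review bot: the added loop body runs `p++` before the `if (*p == '\n')` test, so when p already points at '\n' on reaching next_line (an empty line), that newline is stepped over and the scan continues to the end of the following line, which is then never parsed. Keeping the removed condition and making only the last increment conditional avoids both problems: `while (*p && *p != '\n') p++;` followed by `if (*p == '\n') p++;`.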
-- 
1.8.3.1


* Re: [Qemu-devel] [PATCH] vmdk: Fix vmdk_parse_extents
  2013-10-11  6:04 [Qemu-devel] [PATCH] vmdk: Fix vmdk_parse_extents Fam Zheng
@ 2013-10-11 11:23 ` Kevin Wolf
  2013-10-11 11:30   ` Fam Zheng
  0 siblings, 1 reply; 3+ messages in thread
From: Kevin Wolf @ 2013-10-11 11:23 UTC (permalink / raw)
  To: Fam Zheng; +Cc: qemu-devel, stefanha

On 11.10.2013 at 08:04, Fam Zheng wrote:
> An extra 'p++' after while loop when *p == '\n' will move p to unknown
> data position, risking parsing junk data or memory access violation.
> 
> Cc: qemu-stable@nongnu.org
> Signed-off-by: Fam Zheng <famz@redhat.com>
> ---
>  block/vmdk.c | 7 +++++--
>  1 file changed, 5 insertions(+), 2 deletions(-)
> 
> diff --git a/block/vmdk.c b/block/vmdk.c
> index 5d56e31..f2dda21 100644
> --- a/block/vmdk.c
> +++ b/block/vmdk.c
> @@ -760,10 +760,13 @@ static int vmdk_parse_extents(const char *desc, BlockDriverState *bs,
>          }
>  next_line:
>          /* move to next line */
> -        while (*p && *p != '\n') {
> +        while (*p) {
>              p++;

If the first not yet parsed character is \n, you're missing a line break
now, aren't you?

> +            if (*p == '\n') {
> +                p++;
> +                break;
> +            }
>          }
> -        p++;
>      }
>      return 0;
>  }
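
Review bot: the `/* move to next line */` comment should state that p must come to rest on the terminating '\0', because that is the case the removed lines got wrong: when `while (*p && *p != '\n')` exits on '\0', the unconditional `p++` steps past the end of the string, whereas exiting on '\n' it lands on the start of the next line as intended. The commit message names the '\n' case; wording it around the '\0' case would match the code.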

Kevin


* Re: [Qemu-devel] [PATCH] vmdk: Fix vmdk_parse_extents
  2013-10-11 11:23 ` Kevin Wolf
@ 2013-10-11 11:30   ` Fam Zheng
  0 siblings, 0 replies; 3+ messages in thread
From: Fam Zheng @ 2013-10-11 11:30 UTC (permalink / raw)
  To: Kevin Wolf; +Cc: qemu-devel, stefanha

On Fri, 10/11 13:23, Kevin Wolf wrote:
> On 11.10.2013 at 08:04, Fam Zheng wrote:
> > An extra 'p++' after while loop when *p == '\n' will move p to unknown
> > data position, risking parsing junk data or memory access violation.
> > 
> > Cc: qemu-stable@nongnu.org
> > Signed-off-by: Fam Zheng <famz@redhat.com>
> > ---
> >  block/vmdk.c | 7 +++++--
> >  1 file changed, 5 insertions(+), 2 deletions(-)
> > 
> > diff --git a/block/vmdk.c b/block/vmdk.c
> > index 5d56e31..f2dda21 100644
> > --- a/block/vmdk.c
> > +++ b/block/vmdk.c
> > @@ -760,10 +760,13 @@ static int vmdk_parse_extents(const char *desc, BlockDriverState *bs,
> >          }
> >  next_line:
> >          /* move to next line */
> > -        while (*p && *p != '\n') {
> > +        while (*p) {
> >              p++;
> 
> If the first not yet parsed character is \n, you're missing a line break
> now, aren't you?
> 

Yes. In this case it can miss a whole line following an empty line. Will fix. Thanks.

Fam
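
The edge cases discussed in this thread, as an added example that is not part of the original messages or of QEMU's code: the removed loop, the loop as posted, and one possible correction are run over a constructed descriptor string containing an empty line and no trailing newline. All function names are hypothetical, and `skip_fixed` is an assumption, not a fix taken from the thread.

```c
#include <stdio.h>
#include <string.h>
typedef const char *(*skip_fn)(const char *);

/* Loop removed by the patch: the trailing increment is unconditional. */
static const char *skip_old(const char *p) {
    while (*p && *p != '\n') {
        p++;
    }
    return p + 1;             /* also applied when *p == '\0' */
}

/* Loop as posted in the patch: p++ happens before the '\n' test. */
static const char *skip_patched(const char *p) {
    while (*p) {
        p++;
        if (*p == '\n') {
            p++;
            break;
        }
    }
    return p;
}

/* Assumed correction: consume the newline only if one is there. */
static const char *skip_fixed(const char *p) {
    while (*p && *p != '\n') {
        p++;
    }
    return *p == '\n' ? p + 1 : p;
}

/* Line starts visited, or -1 if the cursor ends up past the '\0'. */
static int count_lines(const char *desc, skip_fn skip) {
    const char *end = desc + strlen(desc), *p = desc;
    int n = 0;
    while (p <= end && *p) {  /* bounds check first, so no stray read */
        n++;
        p = skip(p);
    }
    return p > end ? -1 : n;
}

int main(void) {
    /* constructed input: extent line, empty line, extent line, no final '\n' */
    const char *d = "RW 8 FLAT \"a\" 0\n\nRW 8 FLAT \"b\" 0";
    printf("old=%d patched=%d fixed=%d\n", count_lines(d, skip_old),
           count_lines(d, skip_patched), count_lines(d, skip_fixed));
    return 0;
}
```

A result of -1 means the cursor was left beyond the terminator; a count below 3 means a line was never visited.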
