* [Qemu-devel] [PATCH v2] vmdk: Fix vmdk_parse_extents
From: Fam Zheng @ 2013-10-11 11:48 UTC
To: qemu-devel; +Cc: kwolf, stefanha
An extra 'p++' after while loop when *p == '\n' will move p to unknown
data position, risking parsing junk data or memory access violation.
Cc: qemu-stable@nongnu.org
Signed-off-by: Fam Zheng <famz@redhat.com>
---
block/vmdk.c | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/block/vmdk.c b/block/vmdk.c
index 5d56e31..21f0fa7 100644
--- a/block/vmdk.c
+++ b/block/vmdk.c
@@ -760,10 +760,13 @@ static int vmdk_parse_extents(const char *desc, BlockDriverState *bs,
}
next_line:
/* move to next line */
- while (*p && *p != '\n') {
+ while (*p) {
+ if (*p == '\n') {
+ p++;
+ break;
+ }
p++;
}
- p++;
}
return 0;
}
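Review bot: the rewritten loop under next_line increments p on both paths, so the added if/break block is not needed; keeping the original `while (*p && *p != '\n')` and replacing the removed bare `p++;` with `if (*p == '\n') { p++; }` gives the same end state (p on the terminating NUL, or just past the newline) with a one-line change that states the intent directly. The condition of the enclosing loop is outside the context shown here; it is worth confirming that it stops on `*p == '\0'` so the parser does not run another iteration on the empty remainder.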
--
1.8.3.1
* Re: [Qemu-devel] [PATCH v2] vmdk: Fix vmdk_parse_extents
From: Kevin Wolf @ 2013-10-11 11:55 UTC
To: Fam Zheng; +Cc: qemu-devel, stefanha
On 11.10.2013 at 13:48, Fam Zheng wrote:
> An extra 'p++' after while loop when *p == '\n' will move p to unknown
> data position, risking parsing junk data or memory access violation.
>
> Cc: qemu-stable@nongnu.org
> Signed-off-by: Fam Zheng <famz@redhat.com>
Thanks, applied to the block branch.
Kevin
* Re: [Qemu-devel] [PATCH v2] vmdk: Fix vmdk_parse_extents
From: Fam Zheng @ 2013-10-14 1:57 UTC
To: qemu-devel; +Cc: qemu-stable
Cc'ing qemu-stable@nongnu.org.
On Fri, 10/11 19:48, Fam Zheng wrote:
> An extra 'p++' after while loop when *p == '\n' will move p to unknown
> data position, risking parsing junk data or memory access violation.
>
> Cc: qemu-stable@nongnu.org
> Signed-off-by: Fam Zheng <famz@redhat.com>
> ---
> block/vmdk.c | 7 +++++--
> 1 file changed, 5 insertions(+), 2 deletions(-)
>
> diff --git a/block/vmdk.c b/block/vmdk.c
> index 5d56e31..21f0fa7 100644
> --- a/block/vmdk.c
> +++ b/block/vmdk.c
> @@ -760,10 +760,13 @@ static int vmdk_parse_extents(const char *desc, BlockDriverState *bs,
> }
> next_line:
> /* move to next line */
> - while (*p && *p != '\n') {
> + while (*p) {
> + if (*p == '\n') {
> + p++;
> + break;
> + }
> p++;
> }
> - p++;
> }
> return 0;
> }
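Review bot: the removed unconditional `p++;` after the loop is harmless when the loop stopped on '\n' and only steps past the buffer when it stopped on the terminating NUL, that is, when the final line has no trailing newline, yet the commit message describes the overshoot as happening "when *p == '\n'". Rewording the message to name the NUL case, and adding a short comment above the loop that p must never advance past the terminator, would make the reason for the change clear to someone backporting it to stable.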
> --
> 1.8.3.1
>
>