From: Gerd Hoffmann <kraxel@redhat.com>
To: qemu-devel@nongnu.org
Cc: Gerd Hoffmann <kraxel@redhat.com>
Subject: [Qemu-devel] [PATCH for-3.1 1/2] usb-mtp: fix utf16_to_str
Date: Fri, 30 Nov 2018 12:12:21 +0100 [thread overview]
Message-ID: <20181130111222.25386-2-kraxel@redhat.com> (raw)
In-Reply-To: <20181130111222.25386-1-kraxel@redhat.com>
Make utf16_to_str return an allocated string. Remove the assumtion that
the number of string bytes equals the number of utf16 chars (which is
only true for ascii chars). Instead call wcstombs twice, once to figure
the storage size and once for the actual conversion (as suggested by the
wcstombs manpage).
Reported-by: Michael Hanselmann (hansmi.ch)
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
---
hw/usb/dev-mtp.c | 17 +++++++++++------
1 file changed, 11 insertions(+), 6 deletions(-)
diff --git a/hw/usb/dev-mtp.c b/hw/usb/dev-mtp.c
index 00a3691bae..fbe1ace035 100644
--- a/hw/usb/dev-mtp.c
+++ b/hw/usb/dev-mtp.c
@@ -1593,17 +1593,22 @@ static void usb_mtp_cancel_packet(USBDevice *dev, USBPacket *p)
fprintf(stderr, "%s\n", __func__);
}
-static void utf16_to_str(uint8_t len, uint16_t *arr, char *name)
+static char *utf16_to_str(uint8_t len, uint16_t *arr)
{
- int count;
- wchar_t *wstr = g_new0(wchar_t, len);
+ wchar_t *wstr = g_new0(wchar_t, len + 1);
+ int count, dlen;
+ char *dest;
for (count = 0; count < len; count++) {
wstr[count] = (wchar_t)arr[count];
}
+ wstr[count] = 0;
- wcstombs(name, wstr, len);
+ dlen = wcstombs(NULL, wstr, 0) + 1;
+ dest = g_malloc(dlen);
+ wcstombs(dest, wstr, dlen);
g_free(wstr);
+ return dest;
}
/* Wrapper around write, returns 0 on failure */
@@ -1703,7 +1708,7 @@ static void usb_mtp_write_metadata(MTPState *s)
{
MTPData *d = s->data_out;
ObjectInfo *dataset = (ObjectInfo *)d->data;
- char *filename = g_new0(char, dataset->length);
+ char *filename;
MTPObject *o;
MTPObject *p = usb_mtp_object_lookup(s, s->dataset.parent_handle);
uint32_t next_handle = s->next_handle;
@@ -1711,7 +1716,7 @@ static void usb_mtp_write_metadata(MTPState *s)
assert(!s->write_pending);
assert(p != NULL);
- utf16_to_str(dataset->length, dataset->filename, filename);
+ filename = utf16_to_str(dataset->length, dataset->filename);
o = usb_mtp_object_lookup_name(p, filename, dataset->length);
if (o != NULL) {
--
2.9.3
next prev parent reply other threads:[~2018-11-30 11:12 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-11-30 11:12 [Qemu-devel] [PATCH for-3.1 0/2] usb-mtp: two bugfixes (one security fix) Gerd Hoffmann
2018-11-30 11:12 ` Gerd Hoffmann [this message]
2018-11-30 13:13 ` [Qemu-devel] [PATCH for-3.1 1/2] usb-mtp: fix utf16_to_str Markus Armbruster
2018-11-30 19:58 ` Bandan Das
2018-11-30 11:12 ` [Qemu-devel] [PATCH for-3.1 2/2] usb-mtp: outlaw slashes in filenames Gerd Hoffmann
2018-11-30 19:08 ` Philippe Mathieu-Daudé
2018-11-30 19:58 ` Eric Blake
2018-12-01 11:55 ` Philippe Mathieu-Daudé
2018-12-01 13:49 ` Michael Hanselmann
2018-11-30 20:08 ` Bandan Das
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20181130111222.25386-2-kraxel@redhat.com \
--to=kraxel@redhat.com \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).