From: Ekaterina Tumanova
Date: Thu, 30 Jan 2014 21:14:03 +0400
Subject: Re: [Qemu-devel] [PATCH v8 08/13] dump: add API to write dump header
Message-ID: <52EA885B.50404@linux.vnet.ibm.com>
In-Reply-To: <1390890126-17377-9-git-send-email-qiaonuohan@cn.fujitsu.com>
References: <1390890126-17377-1-git-send-email-qiaonuohan@cn.fujitsu.com> <1390890126-17377-9-git-send-email-qiaonuohan@cn.fujitsu.com>
To: qemu-devel@nongnu.org, lersek@redhat.com, Christian Borntraeger

On 01/28/2014 10:22 AM, qiaonuohan wrote:
> the functions are used to write header of kdump-compressed format to vmcore.
> Header of kdump-compressed format includes:
> 1. common header: DiskDumpHeader32 / DiskDumpHeader64
> 2. sub header: KdumpSubHeader32 / KdumpSubHeader64
> 3. extra information: only elf notes here
> ...
> +static int create_header32(DumpState *s)
> +{
> + int ret = 0;
> + DiskDumpHeader32 *dh = NULL;
> + KdumpSubHeader32 *kh = NULL;
> + size_t size;
> + int endian = s->dump_info.d_endian;
> + uint32_t block_size;
> + uint32_t sub_hdr_size;
> + uint32_t bitmap_blocks;
> + uint32_t status = 0;
> + uint64_t offset_note;
> +
> + /* write common header, the version of kdump-compressed format is 6th */
> + size = sizeof(DiskDumpHeader32);
> + dh = g_malloc0(size);
> +
> + strncpy(dh->signature, KDUMP_SIGNATURE, strlen(KDUMP_SIGNATURE));

In this function the 3rd argument should contain the length of the destination argument (1st parameter). If you place here the length of the 2nd parameter, this function call becomes semantically the same as a simple call to strcpy, with all the security implications... There are more places like this.

Regards,
Kate.
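Review bot: in the `strncpy(dh->signature, KDUMP_SIGNATURE, strlen(KDUMP_SIGNATURE));` line of create_header32() the bound is the length of the source, not of the destination, so the call offers no protection against overrunning dh->signature if KDUMP_SIGNATURE is ever longer than the field; bound it by the destination instead, e.g. `strncpy(dh->signature, KDUMP_SIGNATURE, sizeof(dh->signature));`, or, if signature is a fixed-width field that must not be NUL-terminated, use memcpy with sizeof(dh->signature) together with a compile-time check that the signature constant has exactly that length. The comment "the version of kdump-compressed format is 6th" would read more clearly as "kdump-compressed format version 6".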
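The strncpy pitfall Kate describes, as an added example that is not QEMU code and not part of the original thread. It models a header as a raw 16-byte buffer whose first 8 bytes are a fixed-width signature field and whose next 8 bytes are an adjacent field; the layout, sizes, function names and sample signatures are all constructed for the demonstration. The source-bounded copy writes strlen(src) bytes and overwrites the neighbouring field as soon as the signature is longer than the field, while the destination-bounded copy stays inside the field and reports the truncation so the caller can reject the input.

```c
#include <stdio.h>
#include <string.h>

/* Added example, not QEMU code. Constructed header model (assumed layout,
 * illustrative sizes): an 8-byte fixed-width signature field immediately
 * followed by an 8-byte neighbouring field. Both copy variants below write
 * only inside this 16-byte buffer, so the demonstration itself stays
 * well-defined; the point is what happens to the neighbouring field. */
#define SIG_LEN     8
#define HDR_LEN     16
#define NEXT_OFFSET SIG_LEN
#define NEXT_FILL   0xAA

static void init_header(unsigned char hdr[HDR_LEN])
{
    memset(hdr, 0, HDR_LEN);
    /* Recognisable pattern in the neighbouring field so an overrun shows. */
    memset(hdr + NEXT_OFFSET, NEXT_FILL, HDR_LEN - NEXT_OFFSET);
}

static int next_field_intact(const unsigned char hdr[HDR_LEN])
{
    for (size_t i = NEXT_OFFSET; i < HDR_LEN; i++) {
        if (hdr[i] != NEXT_FILL) {
            return 0;
        }
    }
    return 1;
}

/* The pattern under review: the bound is the SOURCE length, so strncpy
 * copies strlen(src) bytes regardless of how wide the signature field is. */
static void copy_sig_bounded_by_source(unsigned char hdr[HDR_LEN], const char *src)
{
    size_t n = strlen(src);
    strncpy((char *)hdr, src, n);
}

/* The corrected pattern: the bound is the DESTINATION capacity. A short
 * source is NUL-padded to SIG_LEN; a source longer than the field is
 * truncated and reported so the caller can reject it instead of silently
 * overrunning. Returns 0 on fit, -1 on truncation. */
static int copy_sig_bounded_by_dest(unsigned char hdr[HDR_LEN], const char *src)
{
    strncpy((char *)hdr, src, SIG_LEN);
    return strlen(src) > SIG_LEN ? -1 : 0;
}

/* 1 if the source-bounded copy overwrote the neighbouring field, 0 if not,
 * -1 if src would not even fit the 16-byte model (refused so the model
 * buffer itself is never overrun). */
int source_bound_clobbers_neighbour(const char *src)
{
    unsigned char hdr[HDR_LEN];
    if (strlen(src) > HDR_LEN) {
        return -1;
    }
    init_header(hdr);
    copy_sig_bounded_by_source(hdr, src);
    return next_field_intact(hdr) ? 0 : 1;
}

/* 0 if src fit the field and the neighbour is intact, -1 if src was
 * truncated (neighbour still intact), -2 if the neighbour was damaged,
 * which a destination-sized bound never allows. */
int dest_bound_result(const char *src)
{
    unsigned char hdr[HDR_LEN];
    init_header(hdr);
    int rc = copy_sig_bounded_by_dest(hdr, src);
    if (!next_field_intact(hdr)) {
        return -2;
    }
    return rc;
}

int main(void)
{
    /* Constructed inputs: an 8-char signature that exactly fills the
     * field, and a 12-char one that is too long for it. */
    const char *fits = "KDUMP   ";
    const char *too_long = "KDUMPSIG_XYZ";

    printf("source-bound, fits:     clobbered=%d\n", source_bound_clobbers_neighbour(fits));
    printf("source-bound, too long: clobbered=%d\n", source_bound_clobbers_neighbour(too_long));
    printf("dest-bound,   fits:     rc=%d\n", dest_bound_result(fits));
    printf("dest-bound,   too long: rc=%d\n", dest_bound_result(too_long));
    return 0;
}
```

Note that with an exact 8-byte signature neither variant writes a terminating NUL; that is correct for a fixed-width on-disk field but means the field must never be handled as a C string afterwards. The destination-bounded version only stays safe if the bound really is the field size (sizeof(dh->signature) in the patch), not a constant that could drift from the struct definition.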