Message-ID: <57ea5b9f.87941c0a.d0b87.d5b6@mx.google.com>
From: Li Qiang
Date: Tue, 27 Sep 2016 04:44:11 -0700
Subject: [Qemu-devel] [PATCH] 9pfs: make unmarshal V9fsString more robust
To: aneesh.kumar@linux.vnet.ibm.com, groug@kaod.org, qemu-devel@nongnu.org
Cc: Li Qiang

From: Li Qiang

In the 9pfs function v9fs_iov_vunmarshal, it will not allocate space for an empty string. This will cause several NULL pointer dereference issues. This patch fixes this issue.

Signed-off-by: Li Qiang
--- fsdev/9p-iov-marshal.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fsdev/9p-iov-marshal.c b/fsdev/9p-iov-marshal.c index 663cad5..1d16f8d 100644 --- a/fsdev/9p-iov-marshal.c +++ b/fsdev/9p-iov-marshal.c @@ -125,7 +125,7 @@ ssize_t v9fs_iov_vunmarshal(struct iovec *out_sg, int out_num, size_t offset, str->data = g_malloc(str->size + 1); copied = v9fs_unpack(str->data, out_sg, out_num, offset, str->size); - if (copied > 0) { + if (copied >= 0) { str->data[str->size] = 0; } else { v9fs_string_free(str); -- 1.8.3.1
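Review bot: The new `if (copied >= 0)` test accepts any non-negative count, not only the empty-string case, so a copy shorter than str->size would also pass and be terminated at str->data[str->size]. The buffer comes from g_malloc(str->size + 1), which does not zero memory, so in that case the bytes between copied and str->size would be uninitialized guest-visible string content. The body of v9fs_unpack is not shown in this hunk; unless it already guarantees a full copy or a negative return, comparing against the expected length (`copied == str->size`) would cover the zero-length string and reject short copies in one check. A one-line comment at the condition saying that 0 is a valid result for an empty string would help future readers, and the commit message would be easier to audit if it stated that the empty string previously took the else branch and was freed by v9fs_string_free(str), and named the callers that then dereference the pointer.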