Commit cc64b1a1 authored by Chen Gang's avatar Chen Gang Committed by Alexander Graf
Browse files

target-ppc: kvm: Fix memory overflow issue about strncat() 



strncat() will append additional '\0' to destination buffer, so need
additional 1 byte for it, or may cause memory overflow, just like other
area within QEMU have done.

And can use g_strdup_printf() instead of strncat(), which may be more
easier understanding.

Signed-off-by: default avatarChen Gang <gang.chen.5i5j@gmail.com>
Signed-off-by: default avatarAlexander Graf <agraf@suse.de>
parent f58aa483

target-ppc/kvm.c

+4 −4
Original line number Diff line number Diff line
@@ -1782,7 +1782,7 @@ static int kvmppc_find_cpu_dt(char *buf, int buf_len) 
 * format) */

static uint64_t kvmppc_read_int_cpu_dt(const char *propname)

{

    char buf[PATH_MAX];

    char buf[PATH_MAX], *tmp;

    union {

        uint32_t v32;

        uint64_t v64;
@@ -1794,10 +1794,10 @@ static uint64_t kvmppc_read_int_cpu_dt(const char *propname) 
        return -1;

    }



    strncat(buf, "/", sizeof(buf) - strlen(buf));

    strncat(buf, propname, sizeof(buf) - strlen(buf));

    tmp = g_strdup_printf("%s/%s", buf, propname);



    f = fopen(buf, "rb");

    f = fopen(tmp, "rb");

    g_free(tmp);

    if (!f) {

        return -1;

    }