[Qemu-devel] [PATCH 11/55] vmdk: Fix possible segfaults
From: Kevin Wolf
Subject: [Qemu-devel] [PATCH 11/55] vmdk: Fix possible segfaults
Date: Mon, 31 Oct 2011 14:29:46 +0100
Data we read from the disk isn't necessarily null terminated and may not
contain the string we're looking for. The code needs to be a bit more careful
here.
Signed-off-by: Kevin Wolf <address@hidden>
---
block/vmdk.c | 7 ++++++-
1 files changed, 6 insertions(+), 1 deletions(-)
diff --git a/block/vmdk.c b/block/vmdk.c
index fa0e8bd..8caaf0b 100644
--- a/block/vmdk.c
+++ b/block/vmdk.c
@@ -227,6 +227,7 @@ static uint32_t vmdk_read_cid(BlockDriverState *bs, int
parent)
cid_str_size = sizeof("CID");
}
+ desc[DESC_SIZE - 1] = '\0';
p_name = strstr(desc, cid_str);
if (p_name != NULL) {
p_name += cid_str_size;
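Review bot: After the new terminator, `p_name += cid_str_size` can still leave the buffer. cid_str_size is taken with sizeof (sizeof("CID") in the visible branch), so it is one byte longer than what strstr matched, and a match that ends directly before desc[DESC_SIZE - 1] puts p_name at desc + DESC_SIZE. Suggest checking that the advanced pointer is still below desc + DESC_SIZE - 1 before anything reads from it. A short comment that the last descriptor byte is overwritten on purpose would also help.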
@@ -243,13 +244,17 @@ static int vmdk_write_cid(BlockDriverState *bs, uint32_t
cid)
BDRVVmdkState *s = bs->opaque;
int ret;
- memset(desc, 0, sizeof(desc));
ret = bdrv_pread(bs->file, s->desc_offset, desc, DESC_SIZE);
if (ret < 0) {
return ret;
}
+ desc[DESC_SIZE - 1] = '\0';
tmp_str = strstr(desc, "parentCID");
+ if (tmp_str == NULL) {
+ return -EINVAL;
+ }
+
pstrcpy(tmp_desc, sizeof(tmp_desc), tmp_str);
p_name = strstr(desc, "CID");
if (p_name != NULL) {
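Review bot: Dropping the memset in vmdk_write_cid leaves desc indeterminate wherever bdrv_pread did not write, and only `ret < 0` is checked afterwards. If a successful read can return fewer than DESC_SIZE bytes, both strstr calls would scan stale bytes up to the forced terminator. Either keep the memset or state in a comment that a successful bdrv_pread always fills all DESC_SIZE bytes. Separately, the new `return -EINVAL` makes the function fail for a descriptor with no parentCID entry. If such descriptors are valid, that case needs handling or a mention in the commit message.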
--
1.7.6.4
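An added example, not part of the patch or of QEMU: a length-bounded key lookup that handles the two cases the commit message names (no terminator, key absent) without writing a NUL into the buffer. The helper name `desc_find_hex`, the `key=hex` layout and the line-start rule are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical helper, not QEMU code: find "<key>=<hex>" at the start of a
 * line inside buf[0..len) without assuming NUL termination. Returns 0 and
 * stores the value in *out, or -1 if the key is absent or has no digits. */
static int desc_find_hex(const char *buf, size_t len, const char *key,
                         uint32_t *out)
{
    size_t klen = strlen(key);

    /* i + klen < len keeps buf[i + klen], the '=' position, in bounds. */
    for (size_t i = 0; i + klen < len; i++) {
        /* "CID" is a suffix of "parentCID", so accept line starts only. */
        if ((i > 0 && buf[i - 1] != '\n') ||
            memcmp(buf + i, key, klen) != 0 || buf[i + klen] != '=') {
            continue;
        }
        uint32_t val = 0;
        int digits = 0;
        /* Parse at most 8 hex digits and never read past buf[len - 1]. */
        for (size_t j = i + klen + 1; j < len && digits < 8; j++, digits++) {
            int c = (unsigned char)buf[j];
            int d = c >= '0' && c <= '9' ? c - '0'
                  : c >= 'a' && c <= 'f' ? c - 'a' + 10
                  : c >= 'A' && c <= 'F' ? c - 'A' + 10 : -1;
            if (d < 0) {
                break;
            }
            val = (val << 4) | (uint32_t)d;
        }
        if (digits == 0) {
            return -1;
        }
        *out = val;
        return 0;
    }
    return -1;
}

int main(void)
{
    /* Constructed 8-byte sample: no terminator, key ends the buffer. */
    char tail[8];
    uint32_t cid = 0;
    memcpy(tail, "abc\nCID=", sizeof(tail));
    return desc_find_hex(tail, sizeof(tail), "CID", &cid) == -1 ? 0 : 1;
}
```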