qemu-devel
From: Crístian Viana
Subject: Re: [Qemu-devel] [PATCH 1/1 v3] Allow machines to configure the QEMU_VERSION that's exposed via hardware
Date: Fri, 13 Apr 2012 16:59:07 -0300
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:11.0) Gecko/20120331 Thunderbird/11.0.1

On 13-04-2012 16:26, Eric Blake wrote:
> qemu_get_version returns whatever string got put there by
> qemu_set_version.  Am I correct that the user has full control over the
> string passed to qemu_set_version?

Actually, this is not available to the user; the string passed to that
function is supposed to be hard-coded into hw/pc_piix.c.

> If so, then you have a bug in
> nseries.c: sprintf() is asking for a buffer overflow.  Remember,
> QEMU_VERSION has a compile-time fixed length, but if qemu_get_version()
> is an arbitrary user string, you no longer have a guarantee that you fit
> in version[12].

Well, I also noticed that in some places the version buffer is 12 chars
long, and in other places it is 32 chars long... we could set a maximum
length and make sure the string won't cause a buffer overflow (with
snprintf or some other variant).

> Besides, since you are only pasting in a single string,
> you could do this more efficiently through a strcat() variant instead of
> switching to snprintf() (I'm not sure off-hand which qemu_* function is
> best for your purpose, but there's probably something out there).

I'll try that.

Thanks!

-- 
Best regards,
Crístian.
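As an added illustration of the buffer-size concern raised in this exchange (example code, not QEMU's and not from either poster): the sprintf() pattern writing into a 12-byte version buffer, beside a snprintf() replacement that reports truncation, and the maximum-length check at set time that the reply proposes. The demo_* functions, the "1.0.50" default and the over-long test string are constructed stand-ins for qemu_set_version()/qemu_get_version().

```c
#include <stdio.h>
#include <string.h>

/* Constructed stand-ins for the qemu_set_version()/qemu_get_version()
 * pair under discussion; names and default value are not QEMU's. */
static const char *machine_version = "1.0.50";
static void demo_set_version(const char *v) { machine_version = v; }
static const char *demo_get_version(void) { return machine_version; }

/* The fixed-size destination the thread mentions (version[12]). */
#define VERSION_LEN 12
static char version[VERSION_LEN];

/* Risky pattern: sprintf() trusts that the source fits. Once the version
 * string is configurable, nothing guarantees strlen() < VERSION_LEN and
 * the write runs past the end of 'version'. Kept for comparison only and
 * never called here with an over-long string. */
static void format_version_unchecked(void)
{
    sprintf(version, "%s", demo_get_version());
}

/* Bounded replacement: snprintf() writes at most sizeof version bytes and
 * always NUL-terminates. Its return value is the length the full string
 * would have had, so n >= sizeof version means truncation happened and the
 * caller can act on it. Returns 0 on fit, -1 on truncation/error. */
static int format_version_bounded(void)
{
    int n = snprintf(version, sizeof version, "%s", demo_get_version());
    return (n < 0 || (size_t)n >= sizeof version) ? -1 : 0;
}

/* Enforcing the maximum where the string is set protects every consumer,
 * whether its buffer is 12 or 32 bytes. Rejects and keeps the old value. */
static int demo_set_version_checked(const char *v)
{
    if (strlen(v) >= VERSION_LEN) {
        return -1;
    }
    demo_set_version(v);
    return 0;
}

int main(void)
{
    demo_set_version("1.0.50");
    format_version_unchecked();                 /* fits: 6 chars + NUL */
    printf("unchecked: %s\n", version);
    demo_set_version("1.0.50-very-long-build-tag");
    if (format_version_bounded() == -1) {
        printf("bounded: truncated to \"%s\"\n", version);
    }
    printf("checked set: %d\n", demo_set_version_checked("1.0.50-very-long-build-tag"));
    return 0;
}
```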
