[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] [PATCH 7/8] s390: Add SCLP vt220 console support
|
From: |
Alexander Graf |
|
Subject: |
Re: [Qemu-devel] [PATCH 7/8] s390: Add SCLP vt220 console support |
|
Date: |
Wed, 13 Jun 2012 09:53:12 +0200 |
|
User-agent: |
Thunderbird 2.0.0.23 (X11/20090817) |
Heinz Graalfs wrote:
> On Tue, 2012-06-12 at 13:52 +0200, Alexander Graf wrote:
>
>> On 06/06/2012 02:05 PM, Jens Freimann wrote:
>>
>>> From: Heinz Graalfs<address@hidden>
>>>
>>>
[...]
>>> +static void chr_read_vt220(void *opaque, const uint8_t *buf, int size)
>>> +{
>>> + char *offset;
>>> +
>>> + if (!sclp_console_data_vt220) {
>>> + size_buffer = 2 * size;
>>>
>> Why 2*?
>>
>>
>
> OK, will change to exact size plus 1 for trailing 0
>
This happens in more than one place btw :).
>
>
>>> + free(sclp_console_data_vt220);
>>> + size_buffer = 2 * size;
>>> + sclp_console_data_vt220 = malloc(size_buffer);
>>> + }
>>> + offset = sclp_console_data_vt220;
>>> + if (offset) {
>>> + memcpy(offset, buf, size);
>>> + offset += size;
>>> + *offset = '\0';
>>>
>> How do you know you're not out of bounds?
>>
>>
> OK, size + 1
>
I was more thinking of the memcpy(some_variable, ..., n) where you never
check if available_space(some_variable) > n, no?
Alex
[Qemu-devel] [PATCH 5/8] s390: Cleanup sclp functions, Jens Freimann, 2012/06/06