Re: [Qemu-devel] [PATCH] file-posix: clean up max

qemu-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Qemu-devel] [PATCH] file-posix: clean up max_segments buffer termin

From:	Kevin Wolf
Subject:	Re: [Qemu-devel] [PATCH] file-posix: clean up max_segments buffer termination
Date:	Tue, 14 Mar 2017 10:25:49 +0100
User-agent:	Mutt/1.5.21 (2010-09-15)

Am 14.03.2017 um 10:09 hat Stefan Hajnoczi geschrieben:
> The following pattern is unsafe:
> 
>   char buf[32];
>   ret = read(fd, buf, sizeof(buf));
>   ...
>   buf[ret] = 0;
> 
> If read(2) returns 32 then a byte beyond the end of the buffer is
> zeroed.
> 
> In practice this buffer overflow does not occur because the sysfs
> max_segments file only contains an unsigned short + '\n'.  The string is
> always shorter than 32 bytes.
> 
> Regardless, avoid this pattern because static analysis tools might
> complain and it could lead to real buffer overflows if copy-pasted
> elsewhere in the codebase.
> 
> Signed-off-by: Stefan Hajnoczi <address@hidden>

Oops. I should have found this during review. Thanks for catching it.

Thanks, applied to the block branch.

Kevin

[Prev in Thread]

Current Thread

[Next in Thread]

[Qemu-devel] [PATCH] file-posix: clean up max_segments buffer termination, Stefan Hajnoczi, 2017/03/14
- Re: [Qemu-devel] [PATCH] file-posix: clean up max_segments buffer termination, Kevin Wolf <=
- Re: [Qemu-devel] [PATCH] file-posix: clean up max_segments buffer termination, Fam Zheng, 2017/03/14

Prev by Date: Re: [Qemu-devel] KVM call for 2017-03-14
Next by Date: Re: [Qemu-devel] [PATCH V3 2/3] virtio: destroy region cache during reset
Previous by thread: [Qemu-devel] [PATCH] file-posix: clean up max_segments buffer termination
Next by thread: Re: [Qemu-devel] [PATCH] file-posix: clean up max_segments buffer termination
Index(es):
- Date
- Thread