|
From: | Philippe Mathieu-Daudé |
Subject: | Re: [PATCH] target/s390x/arch_dump: Fix memory corruption in s390x_write_elf64_notes() |
Date: | Tue, 14 Feb 2023 15:58:18 +0100 |
User-agent: | Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:102.0) Gecko/20100101 Thunderbird/102.7.2 |
On 14/2/23 15:10, Thomas Huth wrote:
"note_size" can be smaller than sizeof(note), so unconditionally calling memset(notep, 0, sizeof(note)) could cause a memory corruption here in case notep has been allocated dynamically, thus let's use note_size as length argument for memset() instead.
Correct. I wonder why use one notep* pointing to a stack allocated or a heap allocated buffer. This isn't hot path, one heap use could simplify this code complexity IMO.
Fixes: 113d8f4e95 ("s390x: pv: Add dump support") Signed-off-by: Thomas Huth <thuth@redhat.com> --- target/s390x/arch_dump.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
[Prev in Thread] | Current Thread | [Next in Thread] |