[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Qemu-devel] [PATCH 6/8] usb: fix unbounded stack for usb_mtp_add_str
From: |
Peter Xu |
Subject: |
[Qemu-devel] [PATCH 6/8] usb: fix unbounded stack for usb_mtp_add_str |
Date: |
Tue, 8 Mar 2016 15:00:44 +0800 |
Suggested-by: Paolo Bonzini <address@hidden>
CC: Gerd Hoffmann <address@hidden>
Signed-off-by: Peter Xu <address@hidden>
---
hw/usb/dev-mtp.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/hw/usb/dev-mtp.c b/hw/usb/dev-mtp.c
index e6dae2f..40fe26e 100644
--- a/hw/usb/dev-mtp.c
+++ b/hw/usb/dev-mtp.c
@@ -718,16 +718,20 @@ static void usb_mtp_add_wstr(MTPData *data, const wchar_t
*str)
static void usb_mtp_add_str(MTPData *data, const char *str)
{
+#define __WSTR_LEN (256)
uint32_t len = strlen(str)+1;
- wchar_t wstr[len];
+ wchar_t wstr[__WSTR_LEN];
size_t ret;
+ assert(len <= __WSTR_LEN);
+
ret = mbstowcs(wstr, str, len);
if (ret == -1) {
usb_mtp_add_wstr(data, L"Oops");
} else {
usb_mtp_add_wstr(data, wstr);
}
+#undef __WSTR_LEN
}
static void usb_mtp_add_time(MTPData *data, time_t time)
--
2.4.3
[Qemu-devel] [PATCH 5/8] usb: fix unbounded stack for inotify_watchfn, Peter Xu, 2016/03/08
Re: [Qemu-devel] [PATCH 5/8] usb: fix unbounded stack for inotify_watchfn, Paolo Bonzini, 2016/03/08
[Qemu-devel] [PATCH 6/8] usb: fix unbounded stack for usb_mtp_add_str,
Peter Xu <=
[Qemu-devel] [PATCH 7/8] migration: fix unbounded stack for source_return_path_thread, Peter Xu, 2016/03/08
[Qemu-devel] [PATCH 8/8] hw/i386: fix unbounded stack for load_multiboot, Peter Xu, 2016/03/08