[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [PATCH 2/2] hw/scsi/scsi-disk: Avoid buffer overrun parsing 'loadpar
|
From: |
Kevin Wolf |
|
Subject: |
Re: [PATCH 2/2] hw/scsi/scsi-disk: Avoid buffer overrun parsing 'loadparam' |
|
Date: |
Wed, 20 Nov 2024 10:20:38 +0100 |
Am 20.11.2024 um 09:53 hat Philippe Mathieu-Daudé geschrieben:
> Coverity reported a 1 byte overrun in scsi_property_set_loadparm
> (CID 15657462). Since loadparam[] length is known, simply directly
> allocate it in the device state.
>
> Fixes: 429442e52d ("hw: Add 'loadparm' property to scsi disk devices")
> Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Paolo already sent a pull request for a different fix (just allocating
one byte more). I think that's the better approach because other users
might expect the string to actually be null terminated.
Such as scsi_property_get_loadparm(), which you forgot to update:
static char *scsi_property_get_loadparm(Object *obj, Error **errp)
{
return g_strdup(SCSI_DISK_BASE(obj)->loadparm);
}
Kevin