mirror of
https://github.com/qemu/qemu.git
synced 2024-11-28 22:33:36 +08:00
target-ppc: kvm: Fix memory overflow issue about strncat()
strncat() will append additional '\0' to destination buffer, so need additional 1 byte for it, or may cause memory overflow, just like other area within QEMU have done. And can use g_strdup_printf() instead of strncat(), which may be more easier understanding. Signed-off-by: Chen Gang <gang.chen.5i5j@gmail.com> Signed-off-by: Alexander Graf <agraf@suse.de>
This commit is contained in:
parent
f58aa48314
commit
cc64b1a194
@ -1782,7 +1782,7 @@ static int kvmppc_find_cpu_dt(char *buf, int buf_len)
|
||||
* format) */
|
||||
static uint64_t kvmppc_read_int_cpu_dt(const char *propname)
|
||||
{
|
||||
char buf[PATH_MAX];
|
||||
char buf[PATH_MAX], *tmp;
|
||||
union {
|
||||
uint32_t v32;
|
||||
uint64_t v64;
|
||||
@ -1794,10 +1794,10 @@ static uint64_t kvmppc_read_int_cpu_dt(const char *propname)
|
||||
return -1;
|
||||
}
|
||||
|
||||
strncat(buf, "/", sizeof(buf) - strlen(buf));
|
||||
strncat(buf, propname, sizeof(buf) - strlen(buf));
|
||||
tmp = g_strdup_printf("%s/%s", buf, propname);
|
||||
|
||||
f = fopen(buf, "rb");
|
||||
f = fopen(tmp, "rb");
|
||||
g_free(tmp);
|
||||
if (!f) {
|
||||
return -1;
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user