SYS-OSS/FRET-qemu
4
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

scsi: fix allocation for s390x loadparm

Browse Source 
Coverity reports a possible buffer overrun due to a non-NUL-terminated
string in scsi_property_set_loadparm().  While things are not so easy,
because qdev_prop_sanitize_s390x_loadparm is designed to operate on a
buffer that is not NUL-terminated, in this case the string *does* have
to be NUL-terminated because it is read by scsi_property_get_loadparm
and s390_build_iplb.

Reviewed-by: jrossi@linux.ibm.com
Cc: thuth@redhat.com
Fixes: 429442e52d9 ("hw: Add "loadparm" property to scsi disk devices for booting on s390x", 2024-11-18)
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
This commit is contained in:
Paolo Bonzini 2024-11-19 22:31:22 +01:00
parent 37ee17eebb
commit b73d7eff1e
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
hw/scsi/scsi-disk.c
View File

@ -3152,7 +3152,7 @@ static void scsi_property_set_loadparm(Object *obj, const char *value,
return;
}
lp_str = g_malloc0(strlen(value));
lp_str = g_malloc0(strlen(value) + 1);
if (!qdev_prop_sanitize_s390x_loadparm(lp_str, value, errp)) {
g_free(lp_str);
return;