On Fri, Mar 27, 2026 at 10:13:26 +0100, Michal Privoznik via Devel wrote: > From: Michal Privoznik <[email protected]> > > Inside of virPCIDeviceReadClass() there's a call to > virFileReadAll(). This reads contents of given file into a buffer > (id_str). To make sure the buffer is NUL terminated string > there's then write of NUL byte at 9th position of the buffer. > Well, this is redundant as virFileReadAll() made sure the buffer > is properly terminated on success (transitively¸ via > saferead_lim()). But it is also wrong, because there's no > guarantee the file is more than 8 bytes long.
I've just posted an more extensive series, which also documents virFileReadAll to prevent such misunderstandings, fixes one more instance of the same problem which didn't yet manifest itself because the overwritten byte was exactly the NUL terminator, and removes few other redundant attempts to NUL-out the end of the buffer from virFileReadAll and friends. > Just remove the NUL termination and rely on virFileReadAll() to > properly terminate the buffer. If you want to push this now you can: Reviewed-by: Peter Krempa <[email protected]>
