On 1/25/26 07:42, Akihiko Odaki wrote:
Ensure the buffer in vfio_pci_host_match() will not overflow even when
an invalid addr parameter is provided.

Signed-off-by: Akihiko Odaki <[email protected]>
---
  hw/vfio/pci.c | 2 +-
  1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/vfio/pci.c b/hw/vfio/pci.c
index c73447272141..3338c4d7b528 100644
--- a/hw/vfio/pci.c
+++ b/hw/vfio/pci.c
@@ -2673,7 +2673,7 @@ void vfio_pci_post_reset(VFIOPCIDevice *vdev)
bool vfio_pci_host_match(PCIHostDeviceAddress *addr, const char *name)
  {
-    char tmp[13];
+    char tmp[36];
sprintf(tmp, "%04x:%02x:%02x.%1x", addr->domain,
              addr->bus, addr->slot, addr->function);
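
Review bot: The `sprintf(tmp, ...)` call under the resized `tmp[36]` is still unbounded, so the fix depends entirely on 36 being the true worst case for "%04x:%02x:%02x.%1x", and nothing in the hunk says how that number was derived. The widths in that format are minimums, which is why an invalid addr can print more digits than the old `tmp[13]` could hold. Consider `snprintf(tmp, sizeof(tmp), ...)` so the bound is enforced at the call, plus a short comment stating the derivation of 36.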


Using a g_autofree variable seems possible too:

    g_autofree char *tmp =
        g_strdup_printf("%04x:%02x:%02x.%1x", addr->domain, addr->bus,
                        addr->slot, addr->function);

vfio_pci_host_match() could be moved under container-legacy.c, with
an assert on addr too.

Thanks,

C.
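
An added example, not part of the original message or of QEMU's code: it measures how long the patch's format string can get and shows a bounded formatter that reports truncation instead of overflowing. `struct host_addr`, `addr_len`, `addr_format` and `addr_match` are hypothetical names, and the four `unsigned int` fields are an assumption about the layout of `PCIHostDeviceAddress`.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Assumed stand-in for PCIHostDeviceAddress: four unsigned int fields. */
struct host_addr {
    unsigned int domain, bus, slot, function;
};

/* Same format string as the patch; the widths are minimums, not maximums. */
#define ADDR_FMT "%04x:%02x:%02x.%1x"

/* Characters needed for this address, excluding the terminating NUL. */
static int addr_len(const struct host_addr *a)
{
    return snprintf(NULL, 0, ADDR_FMT,
                    a->domain, a->bus, a->slot, a->function);
}

/* Bounded formatter: returns false when buf is too small, never overflows. */
static bool addr_format(char *buf, size_t size, const struct host_addr *a)
{
    int n = snprintf(buf, size, ADDR_FMT,
                     a->domain, a->bus, a->slot, a->function);
    return n >= 0 && (size_t)n < size;
}

/* Hypothetical matcher with the same shape as vfio_pci_host_match(). */
static bool addr_match(const struct host_addr *a, const char *name)
{
    char tmp[36];
    return addr_format(tmp, sizeof(tmp), a) && strcmp(tmp, name) == 0;
}

int main(void)
{
    /* Constructed sample values: one valid address, one out-of-range. */
    struct host_addr ok = { 0, 0x3b, 0x1f, 7 };
    struct host_addr bad = { UINT_MAX, UINT_MAX, UINT_MAX, UINT_MAX };
    char old_buf[13];

    printf("valid: %d chars, worst case: %d chars\n",
           addr_len(&ok), addr_len(&bad));
    printf("fits in 13 bytes: valid=%d worst=%d\n",
           addr_format(old_buf, sizeof(old_buf), &ok),
           addr_format(old_buf, sizeof(old_buf), &bad));
    return 0;
}
```

With a 32-bit `unsigned int`, the worst case is 35 characters plus the NUL, which matches the 36-byte buffer in the patch.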

