On 20/11/24 10:20, Kevin Wolf wrote:
> On 20.11.2024 at 09:53, Philippe Mathieu-Daudé wrote:
>> Coverity reported a 1 byte overrun in scsi_property_set_loadparm
>> (CID 15657462). Since loadparam[] length is known, simply directly
>> allocate it in the device state.
>>
>> Fixes: 429442e52d ("hw: Add 'loadparm' property to scsi disk devices")
>> Signed-off-by: Philippe Mathieu-Daudé <[email protected]>
>
> Paolo already sent a pull request for a different fix (just allocating
> one byte more). I think that's the better approach because other users
> might expect the string to actually be null terminated.
>
> Such as scsi_property_get_loadparm(), which you forgot to update:
>
>      static char *scsi_property_get_loadparm(Object *obj, Error **errp)
>      {
>          return g_strdup(SCSI_DISK_BASE(obj)->loadparm);
>      }

Yeah I missed that.

Maybe consider the first patch as cleanup for 10.0? I can repost later.

Regards,

Phil.
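
The point raised in this thread, as an added example that is not QEMU code and not written by either poster: when a string lives in a fixed-width array with no room for a terminator, both the setter and the getter have to be length-bounded, otherwise a `strdup`-style read runs past the field. The struct, the function names and the width of 8 are assumptions made for the illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define LOADPARM_LEN 8 /* assumed field width, chosen for this example */

/* Hypothetical device state: fixed-width field with no room for a NUL. */
struct disk_state {
    char loadparm[LOADPARM_LEN];
};

/* Store value; reject input that does not fit instead of writing past the array. */
int set_loadparm(struct disk_state *s, const char *value)
{
    size_t n = strlen(value);

    if (n > LOADPARM_LEN) {
        return -1;
    }
    memset(s->loadparm, 0, LOADPARM_LEN);
    memcpy(s->loadparm, value, n); /* exactly n bytes, no terminator written */
    return 0;
}

/* Return a NUL-terminated heap copy without reading beyond the field. */
char *get_loadparm(const struct disk_state *s)
{
    const char *nul = memchr(s->loadparm, '\0', LOADPARM_LEN);
    size_t n = nul ? (size_t)(nul - s->loadparm) : LOADPARM_LEN;
    char *out = malloc(n + 1);

    if (out) {
        memcpy(out, s->loadparm, n);
        out[n] = '\0';
    }
    return out;
}

int main(void)
{
    struct disk_state s;
    char *copy;

    if (set_loadparm(&s, "ABCDEFGH") != 0) { /* constructed full-width value */
        return 1;
    }
    copy = get_loadparm(&s);
    printf("%s\n", copy ? copy : "(alloc failed)");
    free(copy);
    return 0;
}
```

The alternative mentioned in the thread, allocating one byte more so the stored string is always terminated, lets existing callers that assume a C string keep working unchanged.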