+Valentin On 23/3/25 22:35, Daan De Meyer wrote:
We have to make sure the array of bytes read from the path= file is null-terminated, otherwise we run into a buffer overrun later on.Fixes: bb99f4772f54017490e3356ecbb3df25c5d4537f ("hw/smbios: support loading OEM strings values from a file") Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2879 Signed-off-by: Daan De Meyer <[email protected]> --- hw/smbios/smbios.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/hw/smbios/smbios.c b/hw/smbios/smbios.c index 02a09eb9cd..ad4cd6721e 100644 --- a/hw/smbios/smbios.c +++ b/hw/smbios/smbios.c @@ -1285,6 +1285,9 @@ static int save_opt_one(void *opaque, g_byte_array_append(data, (guint8 *)buf, ret); }+ buf[0] = '\0';+ g_byte_array_append(data, (guint8 *)buf, 1); + qemu_close(fd);*opt->dest = g_renew(char *, *opt->dest, (*opt->ndest) + 1);
