[Qemu-devel] [PATCH] target-ppc: kvm: Fix memory overflow issue about strncat()

Chen Gang Mon, 13 Oct 2014 07:31:55 -0700

strncat() will append additional '\0' to destination buffer, so need
additional 1 byte for it, or may cause memory overflow, just like other
area within QEMU have done.


Signed-off-by: Chen Gang <gang.chen.5...@gmail.com>
---
 target-ppc/kvm.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/target-ppc/kvm.c b/target-ppc/kvm.c
index 9c23c6b..66e7ce5 100644
--- a/target-ppc/kvm.c
+++ b/target-ppc/kvm.c
@@ -1794,8 +1794,8 @@ static uint64_t kvmppc_read_int_cpu_dt(const char 
*propname)
         return -1;
     }
 
-    strncat(buf, "/", sizeof(buf) - strlen(buf));
-    strncat(buf, propname, sizeof(buf) - strlen(buf));
+    strncat(buf, "/", sizeof(buf) - strlen(buf) - 1);
+    strncat(buf, propname, sizeof(buf) - strlen(buf) - 1);
 
     f = fopen(buf, "rb");
     if (!f) {
-- 
1.9.3

[Qemu-devel] [PATCH] target-ppc: kvm: Fix memory overflow issue about strncat()

Reply via email to