On 13.10.14 16:36, Chen Gang wrote:
> strncat() will append additional '\0' to destination buffer, so need
> additional 1 byte for it, or may cause memory overflow, just like other
> area within QEMU have done.
>
> Signed-off-by: Chen Gang <gang.chen.5...@gmail.com>
I agree with this patch. However, the code is pretty ugly - I'm sure it
must've been me who wrote it :).
Could you please instead rewrite it to use g_strdup_printf() rather than
strncat()s? That way we resolve all string pitfalls automatically - and
this code is not the fast path, so doing an extra memory allocation is ok.
Alex
> ---
> target-ppc/kvm.c | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/target-ppc/kvm.c b/target-ppc/kvm.c
> index 9c23c6b..66e7ce5 100644
> --- a/target-ppc/kvm.c
> +++ b/target-ppc/kvm.c
> @@ -1794,8 +1794,8 @@ static uint64_t kvmppc_read_int_cpu_dt(const char
> *propname)
> return -1;
> }
>
> - strncat(buf, "/", sizeof(buf) - strlen(buf));
> - strncat(buf, propname, sizeof(buf) - strlen(buf));
> + strncat(buf, "/", sizeof(buf) - strlen(buf) - 1);
> + strncat(buf, propname, sizeof(buf) - strlen(buf) - 1);
>
> f = fopen(buf, "rb");
> if (!f) {
>
