Re: [PATCH] hw/loongarch/boot.c: fix out-of-bound reading
On 2024/6/28 at 8:39 PM, Dmitry Frolov wrote:
memcpy() is trying to READ 512 bytes from memory, pointed by info->kernel_cmdline, which was (presumably) allocated by g_strdup(""); Found with ASAN, making check with enabled sanitizers. Signed-off-by: Dmitry Frolov --- hw/loongarch/boot.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hw/loongarch/boot.c b/hw/loongarch/boot.c index b8e1aa18d5..cb668703bd 100644 --- a/hw/loongarch/boot.c +++ b/hw/loongarch/boot.c @@ -163,7 +163,7 @@ static void init_cmdline(struct loongarch_boot_info *info, void *p, void *start) info->a0 = 1; info->a1 = cmdline_addr; -memcpy(p, info->kernel_cmdline, COMMAND_LINE_SIZE); +g_strlcpy(p, info->kernel_cmdline, COMMAND_LINE_SIZE); } static uint64_t cpu_loongarch_virt_to_phys(void *opaque, uint64_t addr)
Reviewed-by: Song Gao
Thanks.
Song Gao
[PATCH] hw/loongarch/boot.c: fix out-of-bound reading
memcpy() is trying to READ 512 bytes from memory, pointed by info->kernel_cmdline, which was (presumably) allocated by g_strdup(""); Found with ASAN, making check with enabled sanitizers. Signed-off-by: Dmitry Frolov --- hw/loongarch/boot.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hw/loongarch/boot.c b/hw/loongarch/boot.c index b8e1aa18d5..cb668703bd 100644 --- a/hw/loongarch/boot.c +++ b/hw/loongarch/boot.c @@ -163,7 +163,7 @@ static void init_cmdline(struct loongarch_boot_info *info, void *p, void *start) info->a0 = 1; info->a1 = cmdline_addr; -memcpy(p, info->kernel_cmdline, COMMAND_LINE_SIZE); +g_strlcpy(p, info->kernel_cmdline, COMMAND_LINE_SIZE); } static uint64_t cpu_loongarch_virt_to_phys(void *opaque, uint64_t addr) -- 2.43.0
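Review bot: the return value of g_strlcpy() on the added line in init_cmdline() is discarded, so a kernel_cmdline of COMMAND_LINE_SIZE bytes or longer is silently truncated before it reaches the guest. g_strlcpy() returns the length of the source string, so comparing that result against COMMAND_LINE_SIZE and reporting an error or warning would make the truncation visible. Separately, unlike the memcpy() it replaces, g_strlcpy() stops writing at the terminating NUL, so the rest of the COMMAND_LINE_SIZE region at p keeps whatever it held before. The visible lines do not show whether that region is zeroed earlier; it is worth confirming that, or adding a memset(p, 0, COMMAND_LINE_SIZE) before the copy.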