Re: [PATCH] hw/loongarch/boot.c: fix out-of-bound reading
在 2024/6/28 下午8:39, Dmitry Frolov 写道:
memcpy() is trying to READ 512 bytes from memory,
pointed by info->kernel_cmdline,
which was (presumable) allocated by g_strdup("");
Found with ASAN, making check with enabled sanitizers.
Signed-off-by: Dmitry Frolov
---
hw/loongarch/boot.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/hw/loongarch/boot.c b/hw/loongarch/boot.c
index b8e1aa18d5..cb668703bd 100644
--- a/hw/loongarch/boot.c
+++ b/hw/loongarch/boot.c
@@ -163,7 +163,7 @@ static void init_cmdline(struct loongarch_boot_info *info,
void *p, void *start)
info->a0 = 1;
info->a1 = cmdline_addr;
-memcpy(p, info->kernel_cmdline, COMMAND_LINE_SIZE);
+g_strlcpy(p, info->kernel_cmdline, COMMAND_LINE_SIZE);
}
static uint64_t cpu_loongarch_virt_to_phys(void *opaque, uint64_t addr)
Reviewed-by: Song Gao
Thanks.
Song Gao
[PATCH] hw/loongarch/boot.c: fix out-of-bound reading
memcpy() is trying to READ 512 bytes from memory,
pointed by info->kernel_cmdline,
which was (presumable) allocated by g_strdup("");
Found with ASAN, making check with enabled sanitizers.
Signed-off-by: Dmitry Frolov
---
hw/loongarch/boot.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/hw/loongarch/boot.c b/hw/loongarch/boot.c
index b8e1aa18d5..cb668703bd 100644
--- a/hw/loongarch/boot.c
+++ b/hw/loongarch/boot.c
@@ -163,7 +163,7 @@ static void init_cmdline(struct loongarch_boot_info *info,
void *p, void *start)
info->a0 = 1;
info->a1 = cmdline_addr;
-memcpy(p, info->kernel_cmdline, COMMAND_LINE_SIZE);
+g_strlcpy(p, info->kernel_cmdline, COMMAND_LINE_SIZE);
}
static uint64_t cpu_loongarch_virt_to_phys(void *opaque, uint64_t addr)
--
2.43.0
