qemu: Fix off-by-one error while unescaping monitor strings

While unescaping the commands the commands passed through to the monitor function qemuMonitorUnescapeArg() initialized lenght of the input string to strlen()+1 which is fine for alloc but not for iteration of the string. This patch fixes the off-by-one error and drops the pointless check for a single trailing slash that is automaticaly handled by the default branch of switch.

qemu: Fix off-by-one error while unescaping monitor strings
While unescaping the commands the commands passed through to the monitor function qemuMonitorUnescapeArg() initialized lenght of the input string to strlen()+1 which is fine for alloc but not for iteration of the string. This patch fixes the off-by-one error and drops the pointless check for a single trailing slash that is automaticaly handled by the default branch of switch.
0f4660c8 · Peter Krempa · 5b474026 · 0f4660c8
隐藏空白更改
内联并排

Showing with 3 addition and 8 deletion

src/qemu/qemu_monitor.c src/qemu/qemu_monitor.c +3 -8

未找到文件。
--- a/src/qemu/qemu_monitor.c
+++ b/src/qemu/qemu_monitor.c
@@ -161,20 +161,15 @@ char *qemuMonitorUnescapeArg(const char *in)
 {
    int i, j;
    char *out;
-    int len = strlen(in) + 1;
+    int len = strlen(in);
    char next;
-    if (VIR_ALLOC_N(out, len) < 0)
+    if (VIR_ALLOC_N(out, len + 1) < 0)
        return NULL;
    for (i = j = 0; i < len; ++i) {
        next = in[i];
        if (in[i] == '\\') {
-            if (len < i + 1) {
-                /* trailing backslash shouldn't be possible */
-                VIR_FREE(out);
-                return NULL;
-            }
            ++i;
            switch(in[i]) {
            case 'r':
@@ -188,7 +183,7 @@ char *qemuMonitorUnescapeArg(const char *in)
                next = in[i];
                break;
            default:
-                /* invalid input */
+                /* invalid input (including trailing '\' at end of in) */
                VIR_FREE(out);
                return NULL;
            }