Commit 2b6a43a8, authored by Paolo Bonzini, committed by Kevin Wolf

vvfat: fix out of bounds array_get usage

When reading the address of the first free entry, you cannot
use array_get without first marking all entries as occupied.

This is visible if you change the sectors per cluster on a
floppy from 2 to 1.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Parent 756f51e4
...@@ -799,6 +799,7 @@ static int read_directory(BDRVVVFATState* s, int mapping_index) ...@@ -799,6 +799,7 @@ static int read_directory(BDRVVVFATState* s, int mapping_index)
/* root directory */ /* root directory */
int cur = s->directory.next; int cur = s->directory.next;
array_ensure_allocated(&(s->directory), ROOT_ENTRIES - 1); array_ensure_allocated(&(s->directory), ROOT_ENTRIES - 1);
s->directory.next = ROOT_ENTRIES;
memset(array_get(&(s->directory), cur), 0, memset(array_get(&(s->directory), cur), 0,
(ROOT_ENTRIES - cur) * sizeof(direntry_t)); (ROOT_ENTRIES - cur) * sizeof(direntry_t));
} }
......
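Review bot: the `memset` right after the new `s->directory.next = ROOT_ENTRIES;` line still calls `array_get(&(s->directory), cur)` with no visible check that `cur < ROOT_ENTRIES`. If the root directory can already be full at this point (`cur == ROOT_ENTRIES`), the index is again one past the entries marked as occupied, which is the condition the commit message says `array_get` does not allow, even though the length is then 0. If `cur` could ever exceed `ROOT_ENTRIES`, the assignment would also shrink `next`, and `(ROOT_ENTRIES - cur) * sizeof(direntry_t)` would wrap to a very large size. Consider wrapping the `memset` in `if (cur < ROOT_ENTRIES)` or asserting that bound, unless a check outside this hunk already guarantees it. A one-line comment on the new assignment saying that it must precede `array_get` would keep the ordering from being reverted in a later cleanup.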