target-ppc: kvm: Fix memory overflow issue about strncat()

strncat() will append additional '\0' to destination buffer, so need additional 1 byte for it, or may cause memory overflow, just like other area within QEMU have done. And can use g_strdup_printf() instead of strncat(), which may be more easier understanding. Signed-off-by: N Chen Gang <gang.chen.5i5j@gmail.com> Signed-off-by: N Alexander Graf <agraf@suse.de>

target-ppc: kvm: Fix memory overflow issue about strncat()
strncat() will append additional '\0' to destination buffer, so need additional 1 byte for it, or may cause memory overflow, just like other area within QEMU have done. And can use g_strdup_printf() instead of strncat(), which may be more easier understanding. Signed-off-by: N Chen Gang <gang.chen.5i5j@gmail.com> Signed-off-by: N Alexander Graf <agraf@suse.de>
cc64b1a1 · Chen Gang · Alexander Graf · f58aa483 · cc64b1a1
隐藏空白更改
内联并排

Showing with 4 addition and 4 deletion

target-ppc/kvm.c target-ppc/kvm.c +4 -4

未找到文件。
--- a/target-ppc/kvm.c
+++ b/target-ppc/kvm.c
@@ -1782,7 +1782,7 @@ static int kvmppc_find_cpu_dt(char *buf, int buf_len)
 * format) */
 static uint64_t kvmppc_read_int_cpu_dt(const char *propname)
 {
-    char buf[PATH_MAX];
+    char buf[PATH_MAX], *tmp;
    union {
        uint32_t v32;
        uint64_t v64;
@@ -1794,10 +1794,10 @@ static uint64_t kvmppc_read_int_cpu_dt(const char *propname)
        return -1;
    }

-    strncat(buf, "/", sizeof(buf) - strlen(buf));
-    strncat(buf, propname, sizeof(buf) - strlen(buf));
+    tmp = g_strdup_printf("%s/%s", buf, propname);

-    f = fopen(buf, "rb");
+    f = fopen(tmp, "rb");
+    g_free(tmp);
    if (!f) {
        return -1;
    }