aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorFam Zheng <famz@redhat.com>2013-10-11 19:48:29 +0800
committerKevin Wolf <kwolf@redhat.com>2013-10-11 16:50:02 +0200
commit899f1ae219d5eaa96a53c996026cb0178d62a86d (patch)
tree4a4f7535a0a3159ae9110426a864ef8455eee073
parentb681072d2005911b79835d2a6af208eba3983a48 (diff)
downloadqemu-899f1ae219d5eaa96a53c996026cb0178d62a86d.zip
qemu-899f1ae219d5eaa96a53c996026cb0178d62a86d.tar.gz
qemu-899f1ae219d5eaa96a53c996026cb0178d62a86d.tar.bz2
vmdk: Fix vmdk_parse_extents
An extra 'p++' after while loop when *p == '\n' will move p to unknown data position, risking parsing junk data or memory access violation. Cc: qemu-stable@nongnu.org Signed-off-by: Fam Zheng <famz@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
-rw-r--r--block/vmdk.c7
1 files changed, 5 insertions, 2 deletions
diff --git a/block/vmdk.c b/block/vmdk.c
index 709aa3d..5a9f278 100644
--- a/block/vmdk.c
+++ b/block/vmdk.c
@@ -772,10 +772,13 @@ static int vmdk_parse_extents(const char *desc, BlockDriverState *bs,
}
next_line:
/* move to next line */
- while (*p && *p != '\n') {
+ while (*p) {
+ if (*p == '\n') {
+ p++;
+ break;
+ }
p++;
}
- p++;
}
return 0;
}