diff options
| author | Daan De Meyer <daan.j.demeyer@gmail.com> | 2025-03-23 22:35:54 +0100 |
|---|---|---|
| committer | Philippe Mathieu-Daudé <philmd@linaro.org> | 2025-04-08 20:45:13 +0200 |
| commit | a7a05f5f6a4085afbede315e749b1c67e78c966b (patch) | |
| tree | d47a182f5030450dadf308f90b50e8e3b3b0ff97 | |
| parent | dfaecc04c46d298e9ee81bd0ca96d8754f1c27ed (diff) | |
| download | qemu-a7a05f5f6a4085afbede315e749b1c67e78c966b.zip qemu-a7a05f5f6a4085afbede315e749b1c67e78c966b.tar.gz qemu-a7a05f5f6a4085afbede315e749b1c67e78c966b.tar.bz2 | |
smbios: Fix buffer overrun when using path= option
We have to make sure the array of bytes read from the path= file
is null-terminated, otherwise we run into a buffer overrun later on.
Fixes: bb99f4772f54017490e3356ecbb3df25c5d4537f ("hw/smbios: support loading OEM strings values from a file")
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2879
Signed-off-by: Daan De Meyer <daan.j.demeyer@gmail.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Tested-by: Valentin David <valentin.david@canonical.com>
Message-ID: <20250323213622.2581013-1-daan.j.demeyer@gmail.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
| -rw-r--r-- | hw/smbios/smbios.c | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/hw/smbios/smbios.c b/hw/smbios/smbios.c index 02a09eb..ad4cd67 100644 --- a/hw/smbios/smbios.c +++ b/hw/smbios/smbios.c @@ -1285,6 +1285,9 @@ static int save_opt_one(void *opaque, g_byte_array_append(data, (guint8 *)buf, ret); } + buf[0] = '\0'; + g_byte_array_append(data, (guint8 *)buf, 1); + qemu_close(fd); *opt->dest = g_renew(char *, *opt->dest, (*opt->ndest) + 1); |