aboutsummaryrefslogtreecommitdiff
path: root/hw/scsi/scsi-disk.c
diff options
context:
space:
mode:
authorPaolo Bonzini <pbonzini@redhat.com>2024-11-19 22:31:22 +0100
committerPaolo Bonzini <pbonzini@redhat.com>2024-11-20 01:29:29 +0100
commitb73d7eff1eedb2399cd594bc872d5db13506d951 (patch)
tree396c6bbe97f192328f45043c5a946e6984cd92d1 /hw/scsi/scsi-disk.c
parent37ee17eebb93eb485fc122452a4c7e9202a8b449 (diff)
downloadqemu-b73d7eff1eedb2399cd594bc872d5db13506d951.zip
qemu-b73d7eff1eedb2399cd594bc872d5db13506d951.tar.gz
qemu-b73d7eff1eedb2399cd594bc872d5db13506d951.tar.bz2
scsi: fix allocation for s390x loadparm
Coverity reports a possible buffer overrun due to a non-NUL-terminated string in scsi_property_set_loadparm(). While things are not so easy, because qdev_prop_sanitize_s390x_loadparm is designed to operate on a buffer that is not NUL-terminated, in this case the string *does* have to be NUL-terminated because it is read by scsi_property_get_loadparm and s390_build_iplb. Reviewed-by: jrossi@linux.ibm.com Cc: thuth@redhat.com Fixes: 429442e52d9 ("hw: Add "loadparm" property to scsi disk devices for booting on s390x", 2024-11-18) Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Diffstat (limited to 'hw/scsi/scsi-disk.c')
-rw-r--r--hw/scsi/scsi-disk.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/hw/scsi/scsi-disk.c b/hw/scsi/scsi-disk.c
index 8e55348..7f13b05 100644
--- a/hw/scsi/scsi-disk.c
+++ b/hw/scsi/scsi-disk.c
@@ -3152,7 +3152,7 @@ static void scsi_property_set_loadparm(Object *obj, const char *value,
return;
}
- lp_str = g_malloc0(strlen(value));
+ lp_str = g_malloc0(strlen(value) + 1);
if (!qdev_prop_sanitize_s390x_loadparm(lp_str, value, errp)) {
g_free(lp_str);
return;