author | Paolo Bonzini <pbonzini@redhat.com> | 2024-11-19 22:31:22 +0100 |
---|---|---|
committer | Paolo Bonzini <pbonzini@redhat.com> | 2024-11-20 01:29:29 +0100 |
commit | b73d7eff1eedb2399cd594bc872d5db13506d951 (patch) | |
tree | 396c6bbe97f192328f45043c5a946e6984cd92d1 /hw/scsi/scsi-disk.c | |
parent | 37ee17eebb93eb485fc122452a4c7e9202a8b449 (diff) | |
scsi: fix allocation for s390x loadparm
Coverity reports a possible buffer overrun due to a non-NUL-terminated
string in scsi_property_set_loadparm(). While things are not so easy,
because qdev_prop_sanitize_s390x_loadparm is designed to operate on a
buffer that is not NUL-terminated, in this case the string *does* have
to be NUL-terminated because it is read by scsi_property_get_loadparm
and s390_build_iplb.
Reviewed-by: jrossi@linux.ibm.com
Cc: thuth@redhat.com
Fixes: 429442e52d9 ("hw: Add "loadparm" property to scsi disk devices for booting on s390x", 2024-11-18)
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Diffstat (limited to 'hw/scsi/scsi-disk.c')
-rw-r--r-- | hw/scsi/scsi-disk.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/hw/scsi/scsi-disk.c b/hw/scsi/scsi-disk.c index 8e55348..7f13b05 100644 --- a/hw/scsi/scsi-disk.c +++ b/hw/scsi/scsi-disk.c @@ -3152,7 +3152,7 @@ static void scsi_property_set_loadparm(Object *obj, const char *value, return; } - lp_str = g_malloc0(strlen(value)); + lp_str = g_malloc0(strlen(value) + 1); if (!qdev_prop_sanitize_s390x_loadparm(lp_str, value, errp)) { g_free(lp_str); return; |
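Review bot: the extra byte in `g_malloc0(strlen(value) + 1)` only acts as a terminator because `g_malloc0` zero-fills the buffer and `qdev_prop_sanitize_s390x_loadparm()` is expected to write no more than `strlen(value)` bytes into `lp_str`; neither assumption is stated at the call site. A one-line comment above the allocation would help, saying that the sanitizer does not NUL-terminate and that the final zero byte is what the later string readers named in the commit message rely on. Without it, a later switch to a non-zeroing allocator or a change in how many bytes the sanitizer writes could bring back the unterminated string with nothing in this function to flag it.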