diff options
author | P J P <ppandit@redhat.com> | 2015-12-21 15:13:13 +0530 |
---|---|---|
committer | Paolo Bonzini <pbonzini@redhat.com> | 2016-01-15 18:58:01 +0100 |
commit | 36fef36b91f7ec0435215860f1458b5342ce2811 (patch) | |
tree | 8e0eff5468fe0ad660b6061143a3e9693f308de0 /hw | |
parent | 4c1396cb576c9b14425558b73de1584c7a9735d7 (diff) | |
download | qemu-36fef36b91f7ec0435215860f1458b5342ce2811.zip qemu-36fef36b91f7ec0435215860f1458b5342ce2811.tar.gz qemu-36fef36b91f7ec0435215860f1458b5342ce2811.tar.bz2 |
scsi: initialise info object with appropriate size
While processing controller 'CTRL_GET_INFO' command, the routine
'megasas_ctrl_get_info' overflows the '&info' object size. Use its
appropriate size to null initialise it.
Reported-by: Qinghao Tang <luodalongde@gmail.com>
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
Message-Id: <alpine.LFD.2.20.1512211501420.22471@wniryva>
Cc: qemu-stable@nongnu.org
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: P J P <ppandit@redhat.com>
Diffstat (limited to 'hw')
-rw-r--r-- | hw/scsi/megasas.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/hw/scsi/megasas.c b/hw/scsi/megasas.c index d7dc667..576f56c 100644 --- a/hw/scsi/megasas.c +++ b/hw/scsi/megasas.c @@ -718,7 +718,7 @@ static int megasas_ctrl_get_info(MegasasState *s, MegasasCmd *cmd) BusChild *kid; int num_pd_disks = 0; - memset(&info, 0x0, cmd->iov_size); + memset(&info, 0x0, dcmd_size); if (cmd->iov_size < dcmd_size) { trace_megasas_dcmd_invalid_xfer_len(cmd->index, cmd->iov_size, dcmd_size); |