Patch Detail
GET /api/1.1/patches/2229567/?format=api
{ "id": 2229567, "url": "http://patchwork.ozlabs.org/api/1.1/patches/2229567/?format=api", "web_url": "http://patchwork.ozlabs.org/project/qemu-devel/patch/20260428074614.3169999-1-physicalmtea@gmail.com/", "project": { "id": 14, "url": "http://patchwork.ozlabs.org/api/1.1/projects/14/?format=api", "name": "QEMU Development", "link_name": "qemu-devel", "list_id": "qemu-devel.nongnu.org", "list_email": "qemu-devel@nongnu.org", "web_url": "", "scm_url": "", "webscm_url": "" }, "msgid": "<20260428074614.3169999-1-physicalmtea@gmail.com>", "date": "2026-04-28T07:46:14", "name": "9pfs: fix deep path truncation in V9fsPath", "commit_ref": null, "pull_url": null, "state": "new", "archived": false, "hash": "767e7c61fefd8f6405dd9e74b2f8a3fdde992818", "submitter": { "id": 93269, "url": "http://patchwork.ozlabs.org/api/1.1/people/93269/?format=api", "name": "Jia Jia", "email": "physicalmtea@gmail.com" }, "delegate": null, "mbox": "http://patchwork.ozlabs.org/project/qemu-devel/patch/20260428074614.3169999-1-physicalmtea@gmail.com/mbox/", "series": [ { "id": 501853, "url": "http://patchwork.ozlabs.org/api/1.1/series/501853/?format=api", "web_url": "http://patchwork.ozlabs.org/project/qemu-devel/list/?series=501853", "date": "2026-04-28T07:46:14", "name": "9pfs: fix deep path truncation in V9fsPath", "version": 1, "mbox": "http://patchwork.ozlabs.org/series/501853/mbox/" } ], "comments": "http://patchwork.ozlabs.org/api/patches/2229567/comments/", "check": "pending", "checks": "http://patchwork.ozlabs.org/api/patches/2229567/checks/", "tags": {}, "headers": { "Return-Path": "<qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org>", "X-Original-To": "incoming@patchwork.ozlabs.org", "Delivered-To": "patchwork-incoming@legolas.ozlabs.org", "Authentication-Results": [ "legolas.ozlabs.org;\n\tdkim=pass (2048-bit key;\n unprotected) header.d=gmail.com header.i=@gmail.com header.a=rsa-sha256\n header.s=20251104 header.b=oiQaEugf;\n\tdkim-atps=neutral", "legolas.ozlabs.org;\n 
spf=pass (sender SPF authorized) smtp.mailfrom=nongnu.org\n (client-ip=209.51.188.17; helo=lists1p.gnu.org;\n envelope-from=qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org;\n receiver=patchwork.ozlabs.org)" ], "Received": [ "from lists1p.gnu.org (lists1p.gnu.org [209.51.188.17])\n\t(using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits))\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4g4hKn3vLTz1xvV\n\tfor <incoming@patchwork.ozlabs.org>; Tue, 28 Apr 2026 23:36:28 +1000 (AEST)", "from localhost ([::1] helo=lists1p.gnu.org)\n\tby lists1p.gnu.org with esmtp (Exim 4.90_1)\n\t(envelope-from <qemu-devel-bounces@nongnu.org>)\n\tid 1wHibQ-0005W3-He; Tue, 28 Apr 2026 09:35:52 -0400", "from eggs.gnu.org ([2001:470:142:3::10])\n by lists1p.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)\n (Exim 4.90_1) (envelope-from <physicalmtea@gmail.com>)\n id 1wHd9H-0006ug-J3\n for qemu-devel@nongnu.org; Tue, 28 Apr 2026 03:46:28 -0400", "from mail-pl1-x634.google.com ([2607:f8b0:4864:20::634])\n by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)\n (Exim 4.90_1) (envelope-from <physicalmtea@gmail.com>)\n id 1wHd9E-0007Q9-Kj\n for qemu-devel@nongnu.org; Tue, 28 Apr 2026 03:46:27 -0400", "by mail-pl1-x634.google.com with SMTP id\n d9443c01a7336-2aaed195901so48031225ad.0\n for <qemu-devel@nongnu.org>; Tue, 28 Apr 2026 00:46:21 -0700 (PDT)", "from localhost.localdomain ([114.249.134.218])\n by smtp.gmail.com with ESMTPSA id\n d9443c01a7336-2b97ac8d439sm15827065ad.66.2026.04.28.00.46.17\n (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);\n Tue, 28 Apr 2026 00:46:19 -0700 (PDT)" ], 
"X-Received": "by 2002:a17:903:388c:b0:2b4:5dff:310f with SMTP id\n d9443c01a7336-2b97c4b744cmr20689325ad.34.1777362379855;\n Tue, 28 Apr 2026 00:46:19 -0700 (PDT)", "From": "Jia Jia <physicalmtea@gmail.com>", 
"To": "qemu-devel@nongnu.org", "Cc": "Christian Schoenebeck <qemu_oss@crudebyte.com>,\n Greg Kurz <groug@kaod.org>,\n qemu-stable@nongnu.org", "Subject": "[PATCH] 9pfs: fix deep path truncation in V9fsPath", "Date": "Tue, 28 Apr 2026 15:46:14 +0800", "Message-Id": "<20260428074614.3169999-1-physicalmtea@gmail.com>", "X-Mailer": "git-send-email 2.34.1", "MIME-Version": "1.0", "Content-Transfer-Encoding": "8bit", "Received-SPF": "pass client-ip=2607:f8b0:4864:20::634;\n envelope-from=physicalmtea@gmail.com; helo=mail-pl1-x634.google.com", "X-Spam_score_int": "-20", "X-Spam_score": "-2.1", "X-Spam_bar": "--", "X-Spam_report": "(-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,\n DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001,\n RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001,\n SPF_PASS=-0.001 autolearn=unavailable autolearn_force=no", "X-Spam_action": "no action", "X-Mailman-Approved-At": "Tue, 28 Apr 2026 09:35:50 -0400", "X-BeenThere": "qemu-devel@nongnu.org", "X-Mailman-Version": "2.1.29", "Precedence": "list", "List-Id": "qemu development <qemu-devel.nongnu.org>", "List-Unsubscribe": "<https://lists.nongnu.org/mailman/options/qemu-devel>,\n <mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>", "List-Archive": "<https://lists.nongnu.org/archive/html/qemu-devel>", "List-Post": "<mailto:qemu-devel@nongnu.org>", "List-Help": "<mailto:qemu-devel-request@nongnu.org?subject=help>", "List-Subscribe": "<https://lists.nongnu.org/mailman/listinfo/qemu-devel>,\n <mailto:qemu-devel-request@nongnu.org?subject=subscribe>", "Errors-To": "qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org", "Sender": "qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org" }, "content": "V9fsPath.size tracks the length of backend path data. 
Storing it in a\nuint16_t truncates local backend paths longer than 65535 bytes, so later\npath copies can end up much smaller than the string data they are\nsupposed to describe.\n\nA guest can reach this with normal 9p filesystem operations by creating\nand walking a sufficiently deep directory tree on the local backend. On\nan ASan build, calling readdir() in that deep directory aborts the host\nprocess with:\n\n ERROR: AddressSanitizer: heap-buffer-overflow\n #0 __interceptor_strrchr\n #1 g_path_get_dirname\n #2 local_lstat\n #3 v9fs_co_lstat\n #4 v9fs_getattr\n\nFix this by storing V9fsPath lengths in size_t.\n\nResolves: https://gitlab.com/qemu-project/qemu/-/work_items/3358\nCc: qemu-stable@nongnu.org\nSigned-off-by: Jia Jia <physicalmtea@gmail.com>\n---\nRuntime reproducer:\n confirmed on current master (11.0.50) with an x86_64 ASan build and a\n local 9p backend\n\n guest actions:\n - mount the 9p share\n - create a 260-level directory tree with 255-byte names\n - walk back to the deepest directory\n - call readdir()\n\n host abort:\n ERROR: AddressSanitizer: heap-buffer-overflow\n #0 __interceptor_strrchr\n #1 g_path_get_dirname\n #2 local_lstat\n #3 v9fs_co_lstat\n #4 v9fs_getattr\n\n fsdev/file-op-9p.h | 2 +-\n 1 file changed, 1 insertion(+), 1 deletion(-)", "diff": "diff --git a/fsdev/file-op-9p.h b/fsdev/file-op-9p.h\nindex b85c9934def..e8d0661c4b5 100644\n--- a/fsdev/file-op-9p.h\n+++ b/fsdev/file-op-9p.h\n@@ -112,7 +112,7 @@ struct FsContext {\n };\n \n struct V9fsPath {\n- uint16_t size;\n+ size_t size;\n char *data;\n };\n P9ARRAY_DECLARE_TYPE(V9fsPath);\n", "prefixes": [] }
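Review bot: In struct V9fsPath the hunk changes only the declaration of `size`, so the fix holds only if nothing that computes, copies or compares a path length still passes it through a 16-bit variable or cast; none of those sites are touched here, so please state in the commit message that the assignments to and reads of `size` were audited. The message Cc's qemu-stable but carries no Fixes: tag, which would tell stable maintainers which branches need the change. A short comment on the field saying what it counts (for example whether the terminating NUL is included) would also help keep a later change from reintroducing a narrower type.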