| Message ID | 1381492109-24999-1-git-send-email-famz@redhat.com |
|---|---|
| State | New |
| Headers | show |
Am 11.10.2013 um 13:48 hat Fam Zheng geschrieben: > An extra 'p++' after while loop when *p == '\n' will move p to unknown > data position, risking parsing junk data or memory access violation. > > Cc: qemu-stable@nongnu.org > Signed-off-by: Fam Zheng <famz@redhat.com> Thanks, applied to the block branch. Kevin
Cc'ing qemu-stable@nongnu.org. On Fri, 10/11 19:48, Fam Zheng wrote: > An extra 'p++' after while loop when *p == '\n' will move p to unknown > data position, risking parsing junk data or memory access violation. > > Cc: qemu-stable@nongnu.org > Signed-off-by: Fam Zheng <famz@redhat.com> > --- > block/vmdk.c | 7 +++++-- > 1 file changed, 5 insertions(+), 2 deletions(-) > > diff --git a/block/vmdk.c b/block/vmdk.c > index 5d56e31..21f0fa7 100644 > --- a/block/vmdk.c > +++ b/block/vmdk.c > @@ -760,10 +760,13 @@ static int vmdk_parse_extents(const char *desc, BlockDriverState *bs, > } > next_line: > /* move to next line */ > - while (*p && *p != '\n') { > + while (*p) { > + if (*p == '\n') { > + p++; > + break; > + } > p++; > } > - p++; > } > return 0; > } > -- > 1.8.3.1 > >
diff --git a/block/vmdk.c b/block/vmdk.c index 5d56e31..21f0fa7 100644 --- a/block/vmdk.c +++ b/block/vmdk.c @@ -760,10 +760,13 @@ static int vmdk_parse_extents(const char *desc, BlockDriverState *bs, } next_line: /* move to next line */ - while (*p && *p != '\n') { + while (*p) { + if (*p == '\n') { + p++; + break; + } p++; } - p++; } return 0; }
An extra 'p++' after while loop when *p == '\n' will move p to unknown data position, risking parsing junk data or memory access violation. Cc: qemu-stable@nongnu.org Signed-off-by: Fam Zheng <famz@redhat.com> --- block/vmdk.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-)