Message ID | 1380575089-11408-1-git-send-email-sw@weilnetz.de |
---|---|
State | Accepted |
01.10.2013 01:04, Stefan Weil wrote:
> Latest gcc-4.8 supports a new option -fsanitize=address which activates
> an AddressSanitizer. This AddressSanitizer stops the QEMU system emulation
> very early because two character arrays of size 8 are potentially written
> with 9 bytes.
>
> Commit 6ea314d91439741e95772dfbab98b4135e04bebb added the code.
>
> There is no obvious reason why width or height could need 8 characters,
> so reduce it to 7 characters which together with the terminating '\0'
> fit into the arrays.

A good one. Thanks, applied to the trivial patches queue.

/mjt
sw@weilnetz.de writes:
> Latest gcc-4.8 supports a new option -fsanitize=address which activates
> an AddressSanitizer. This AddressSanitizer stops the QEMU system emulation
> very early because two character arrays of size 8 are potentially written
> with 9 bytes.
>
> Commit 6ea314d91439741e95772dfbab98b4135e04bebb added the code.
>
> There is no obvious reason why width or height could need 8 characters,
> so reduce it to 7 characters which together with the terminating '\0'
> fit into the arrays.
>
> Cc: qemu-stable <qemu-stable@nongnu.org>
> Signed-off-by: Stefan Weil <sw@weilnetz.de>
<snip>

Reviewed-by: Alex Bennée <alex@bennee.com>
diff --git a/qemu-char.c b/qemu-char.c index f7f5464..6d393e6 100644 --- a/qemu-char.c +++ b/qemu-char.c @@ -2989,11 +2989,11 @@ QemuOpts *qemu_chr_parse_compat(const char *label, const char *filename) if (strstart(filename, "vc", &p)) { qemu_opt_set(opts, "backend", "vc"); if (*p == ':') { - if (sscanf(p+1, "%8[0-9]x%8[0-9]", width, height) == 2) { + if (sscanf(p+1, "%7[0-9]x%7[0-9]", width, height) == 2) { /* pixels */ qemu_opt_set(opts, "width", width); qemu_opt_set(opts, "height", height); - } else if (sscanf(p+1, "%8[0-9]Cx%8[0-9]C", width, height) == 2) { + } else if (sscanf(p+1, "%7[0-9]Cx%7[0-9]C", width, height) == 2) { /* chars */ qemu_opt_set(opts, "cols", width); qemu_opt_set(opts, "rows", height);
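Review bot: the new width 7 in both sscanf calls is a hard-coded echo of the size-8 declarations of width and height, which live outside this hunk, so nothing in the hunk itself stops a later resize of one without the other; a comment on the first changed line tying the two together (`/* 7 digits + '\0' must fit the char[8] buffers */`) or a width derived from sizeof would make the invariant visible where it is enforced. Worth stating in the commit message as well: with `%7[0-9]x%7[0-9]` an eight-digit value makes the literal `x` (or `C` in the second pattern) fail to match, so sscanf returns 1 and the geometry is rejected rather than truncated, which is the behaviour you want here.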
Latest gcc-4.8 supports a new option -fsanitize=address which activates
an AddressSanitizer. This AddressSanitizer stops the QEMU system emulation
very early because two character arrays of size 8 are potentially written
with 9 bytes.

Commit 6ea314d91439741e95772dfbab98b4135e04bebb added the code.

There is no obvious reason why width or height could need 8 characters,
so reduce it to 7 characters which together with the terminating '\0'
fit into the arrays.

Cc: qemu-stable <qemu-stable@nongnu.org>
Signed-off-by: Stefan Weil <sw@weilnetz.de>
---
This is not a critical error because only other local variables can be
overwritten with a null byte, but the fix is also very simple, so maybe
this is a candidate for qemu-stable (1.5 and 1.6?).

Regards,
Stefan

 qemu-char.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
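The off-by-one the commit message describes comes from a scanf rule that is easy to forget: a `%N[...]` conversion stores up to N characters and then a terminating '\0', so it needs N+1 bytes of destination. The following is an added example, not QEMU's code, that makes this measurable without writing out of bounds (it scans into a marker-filled buffer larger than either field width and counts the bytes that changed) and then shows a hypothetical `parse_vc_geometry()` helper that derives the width from the destination size, mirroring the two `WxH` / `WCxHC` patterns in `qemu_chr_parse_compat`. The helper name, the marker technique and the sample inputs are all constructed for this illustration.

```c
#include <stdio.h>
#include <string.h>

/*
 * Added example, not QEMU code. Two things are shown:
 *  1. how many bytes a %N[0-9] conversion stores (N characters plus the
 *     terminating '\0'), measured against a marker-filled buffer that is
 *     larger than needed so the measurement itself never writes out of
 *     bounds;
 *  2. a hypothetical helper, parse_vc_geometry(), that builds the scanf
 *     width from the destination size instead of hard-coding it.
 */

#define MARKER 0xAA

/* Scan INPUT with FMT (one %[ conversion) into an oversized buffer and
 * return how many bytes were written, including the terminating NUL.
 * Returns 0 if the conversion failed. */
static size_t bytes_written_by_scan(const char *fmt, const char *input)
{
    unsigned char buf[32];
    size_t n = sizeof(buf);

    memset(buf, MARKER, sizeof(buf));
    if (sscanf(input, fmt, (char *)buf) < 1) {
        return 0;
    }
    /* find the highest index that no longer holds the marker */
    while (n > 0 && buf[n - 1] == MARKER) {
        n--;
    }
    return n;
}

/* Hypothetical hardened parser for "<digits>x<digits>" with an optional
 * suffix after each number ("" for pixels, "C" for chars, mirroring the
 * two patterns in qemu_chr_parse_compat). The field width is derived
 * from the buffer sizes, so a later change to the arrays cannot silently
 * reintroduce the off-by-one. Returns 1 on success, 0 otherwise. */
static int parse_vc_geometry(const char *p, const char *suffix,
                             char *width, size_t wsize,
                             char *height, size_t hsize)
{
    char fmt[64];
    int n;

    if (wsize < 2 || hsize < 2) {   /* need room for one digit plus NUL */
        return 0;
    }
    /* e.g. wsize == hsize == 8 and suffix "C" gives "%7[0-9]Cx%7[0-9]C" */
    n = snprintf(fmt, sizeof(fmt), "%%%zu[0-9]%sx%%%zu[0-9]%s",
                 wsize - 1, suffix, hsize - 1, suffix);
    if (n < 0 || (size_t)n >= sizeof(fmt)) {
        return 0;
    }
    return sscanf(p, fmt, width, height) == 2;
}

/* Exercise the parser on the cases the patch cares about; returns 1 if
 * every expectation holds. */
static int check_geometry_cases(void)
{
    char w[8], h[8];   /* same size as the arrays in the commit message */
    int ok = 1;

    ok &= parse_vc_geometry("800x600", "", w, sizeof w, h, sizeof h) == 1
          && strcmp(w, "800") == 0 && strcmp(h, "600") == 0;
    ok &= parse_vc_geometry("80Cx25C", "C", w, sizeof w, h, sizeof h) == 1
          && strcmp(w, "80") == 0 && strcmp(h, "25") == 0;
    /* seven digits is the most that fits together with the NUL */
    ok &= parse_vc_geometry("1234567x7654321", "", w, sizeof w, h, sizeof h) == 1
          && strlen(w) == 7 && strlen(h) == 7;
    /* eight digits: the scan stops after seven, the literal 'x' no longer
     * matches, so the input is rejected instead of overflowing */
    ok &= parse_vc_geometry("12345678x600", "", w, sizeof w, h, sizeof h) == 0;
    /* pixel input does not match the char pattern */
    ok &= parse_vc_geometry("800x600", "C", w, sizeof w, h, sizeof h) == 0;
    return ok;
}

int main(void)
{
    printf("%%8[0-9] on \"12345678\" writes %zu bytes\n",
           bytes_written_by_scan("%8[0-9]", "12345678x1"));
    printf("%%7[0-9] on \"12345678\" writes %zu bytes\n",
           bytes_written_by_scan("%7[0-9]", "12345678x1"));
    printf("geometry checks %s\n", check_geometry_cases() ? "pass" : "FAIL");
    return 0;
}
```

Running it shows `%8[0-9]` touching 9 bytes and `%7[0-9]` touching 8, which is exactly the difference between the `-` and `+` lines of the patch when the targets are `char[8]`. Building the format from `sizeof` costs one `snprintf` per call, but it keeps the width and the buffer size in one place, which is what a hard-coded `7` cannot do.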