
[PULL,59/61] vmdk: Fix vmdk_parse_extents

Message ID 1381503951-27985-60-git-send-email-kwolf@redhat.com
State New

Commit Message

Kevin Wolf Oct. 11, 2013, 3:05 p.m. UTC
From: Fam Zheng <famz@redhat.com>

An extra 'p++' after while loop when *p == '\n' will move p to unknown
data position, risking parsing junk data or memory access violation.

Cc: qemu-stable@nongnu.org
Signed-off-by: Fam Zheng <famz@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
---
 block/vmdk.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

Patch

diff --git a/block/vmdk.c b/block/vmdk.c
index 709aa3d..5a9f278 100644
--- a/block/vmdk.c
+++ b/block/vmdk.c
@@ -772,10 +772,13 @@  static int vmdk_parse_extents(const char *desc, BlockDriverState *bs,
         }
 next_line:
         /* move to next line */
-        while (*p && *p != '\n') {
+        while (*p) {
+            if (*p == '\n') {
+                p++;
+                break;
+            }
             p++;
         }
-        p++;
     }
     return 0;
 }
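Review bot: In the rewritten "move to next line" loop, both paths end in `p++` and the newline branch only adds a `break`, so the same behaviour can be had with less churn by keeping the original `while (*p && *p != '\n')` loop and turning the trailing unconditional `p++` into `if (*p == '\n') { p++; }`. The commit message also attributes the overrun to the `*p == '\n'` case, whereas in the removed lines the unconditional `p++` steps past the string only when the loop stopped on the terminating NUL; since this goes to qemu-stable, it would help to correct the wording and add a short comment here stating that p must never advance past the NUL.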