thebeanogamer / rpms / qemu-kvm

Forked from rpms/qemu-kvm 5 months ago
Clone
Blob Blame History Raw
From 24b35c7de7077b977ab71ccddbe004bfc4e28d82 Mon Sep 17 00:00:00 2001
From: Fam Zheng <famz@redhat.com>
Date: Thu, 7 Nov 2013 16:03:34 +0100
Subject: [PATCH 22/25] vmdk: Fix vmdk_parse_extents
RH-Author: Fam Zheng <famz@redhat.com>
Message-id: <1383795369-10623-2-git-send-email-famz@redhat.com>
Patchwork-id: 55585
O-Subject: [RHEL-7 qemu-kvm PATCH 1/2] vmdk: Fix vmdk_parse_extents
Bugzilla: 995866
RH-Acked-by: Amos Kong <akong@redhat.com>
RH-Acked-by: Max Reitz <mreitz@redhat.com>
RH-Acked-by: Kevin Wolf <kwolf@redhat.com>
An extra 'p++' after while loop when *p == '\n' will move p to unknown
data position, risking parsing junk data or memory access violation.
Cc: qemu-stable@nongnu.org
Signed-off-by: Fam Zheng <famz@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
(cherry picked from commit 899f1ae219d5eaa96a53c996026cb0178d62a86d)
Signed-off-by: Fam Zheng <famz@redhat.com>
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
---
block/vmdk.c | 7 +++++--
1 files changed, 5 insertions(+), 2 deletions(-)
diff --git a/block/vmdk.c b/block/vmdk.c
index a3267fe..f2237cf 100644
--- a/block/vmdk.c
+++ b/block/vmdk.c
@@ -782,10 +782,13 @@ static int vmdk_parse_extents(const char *desc, BlockDriverState *bs,
extent->type = g_strdup(type);
next_line:
/* move to next line */
- while (*p && *p != '\n') {
+ while (*p) {
+ if (*p == '\n') {
+ p++;
+ break;
+ }
p++;
}
- p++;
}
return 0;
}
--
1.7.1