|
|
9ae3a8 |
From 24b35c7de7077b977ab71ccddbe004bfc4e28d82 Mon Sep 17 00:00:00 2001
|
|
|
9ae3a8 |
From: Fam Zheng <famz@redhat.com>
|
|
|
9ae3a8 |
Date: Thu, 7 Nov 2013 16:03:34 +0100
|
|
|
9ae3a8 |
Subject: [PATCH 22/25] vmdk: Fix vmdk_parse_extents
|
|
|
9ae3a8 |
|
|
|
9ae3a8 |
RH-Author: Fam Zheng <famz@redhat.com>
|
|
|
9ae3a8 |
Message-id: <1383795369-10623-2-git-send-email-famz@redhat.com>
|
|
|
9ae3a8 |
Patchwork-id: 55585
|
|
|
9ae3a8 |
O-Subject: [RHEL-7 qemu-kvm PATCH 1/2] vmdk: Fix vmdk_parse_extents
|
|
|
9ae3a8 |
Bugzilla: 995866
|
|
|
9ae3a8 |
RH-Acked-by: Amos Kong <akong@redhat.com>
|
|
|
9ae3a8 |
RH-Acked-by: Max Reitz <mreitz@redhat.com>
|
|
|
9ae3a8 |
RH-Acked-by: Kevin Wolf <kwolf@redhat.com>
|
|
|
9ae3a8 |
|
|
|
9ae3a8 |
An extra 'p++' after while loop when *p == '\n' will move p to unknown
|
|
|
9ae3a8 |
data position, risking parsing junk data or memory access violation.
|
|
|
9ae3a8 |
|
|
|
9ae3a8 |
Cc: qemu-stable@nongnu.org
|
|
|
9ae3a8 |
Signed-off-by: Fam Zheng <famz@redhat.com>
|
|
|
9ae3a8 |
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
|
|
|
9ae3a8 |
(cherry picked from commit 899f1ae219d5eaa96a53c996026cb0178d62a86d)
|
|
|
9ae3a8 |
Signed-off-by: Fam Zheng <famz@redhat.com>
|
|
|
9ae3a8 |
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
|
|
|
9ae3a8 |
---
|
|
|
9ae3a8 |
block/vmdk.c | 7 +++++--
|
|
|
9ae3a8 |
1 files changed, 5 insertions(+), 2 deletions(-)
|
|
|
9ae3a8 |
|
|
|
9ae3a8 |
diff --git a/block/vmdk.c b/block/vmdk.c
|
|
|
9ae3a8 |
index a3267fe..f2237cf 100644
|
|
|
9ae3a8 |
--- a/block/vmdk.c
|
|
|
9ae3a8 |
+++ b/block/vmdk.c
|
|
|
9ae3a8 |
@@ -782,10 +782,13 @@ static int vmdk_parse_extents(const char *desc, BlockDriverState *bs,
|
|
|
9ae3a8 |
extent->type = g_strdup(type);
|
|
|
9ae3a8 |
next_line:
|
|
|
9ae3a8 |
/* move to next line */
|
|
|
9ae3a8 |
- while (*p && *p != '\n') {
|
|
|
9ae3a8 |
+ while (*p) {
|
|
|
9ae3a8 |
+ if (*p == '\n') {
|
|
|
9ae3a8 |
+ p++;
|
|
|
9ae3a8 |
+ break;
|
|
|
9ae3a8 |
+ }
|
|
|
9ae3a8 |
p++;
|
|
|
9ae3a8 |
}
|
|
|
9ae3a8 |
- p++;
|
|
|
9ae3a8 |
}
|
|
|
9ae3a8 |
return 0;
|
|
|
9ae3a8 |
}
|
|
|
9ae3a8 |
--
|
|
|
9ae3a8 |
1.7.1
|
|
|
9ae3a8 |
|