From 24b35c7de7077b977ab71ccddbe004bfc4e28d82 Mon Sep 17 00:00:00 2001 From: Fam Zheng Date: Thu, 7 Nov 2013 16:03:34 +0100 Subject: [PATCH 22/25] vmdk: Fix vmdk_parse_extents RH-Author: Fam Zheng Message-id: <1383795369-10623-2-git-send-email-famz@redhat.com> Patchwork-id: 55585 O-Subject: [RHEL-7 qemu-kvm PATCH 1/2] vmdk: Fix vmdk_parse_extents Bugzilla: 995866 RH-Acked-by: Amos Kong RH-Acked-by: Max Reitz RH-Acked-by: Kevin Wolf An extra 'p++' after while loop when *p == '\n' will move p to unknown data position, risking parsing junk data or memory access violation. Cc: qemu-stable@nongnu.org Signed-off-by: Fam Zheng Signed-off-by: Kevin Wolf (cherry picked from commit 899f1ae219d5eaa96a53c996026cb0178d62a86d) Signed-off-by: Fam Zheng Signed-off-by: Miroslav Rezanina --- block/vmdk.c | 7 +++++-- 1 files changed, 5 insertions(+), 2 deletions(-) diff --git a/block/vmdk.c b/block/vmdk.c index a3267fe..f2237cf 100644 --- a/block/vmdk.c +++ b/block/vmdk.c @@ -782,10 +782,13 @@ static int vmdk_parse_extents(const char *desc, BlockDriverState *bs, extent->type = g_strdup(type); next_line: /* move to next line */ - while (*p && *p != '\n') { + while (*p) { + if (*p == '\n') { + p++; + break; + } p++; } - p++; } return 0; } -- 1.7.1