From 1769600e1e3bd5ca48450de8ce8a118bf0af96f3 Mon Sep 17 00:00:00 2001
From: Thomas Huth <thuth@redhat.com>
Date: Fri, 29 May 2020 05:54:00 -0400
Subject: [PATCH 18/42] s390/ipl: fix off-by-one in
 update_machine_ipl_properties()
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

RH-Author: Thomas Huth <thuth@redhat.com>
Message-id: <20200529055420.16855-19-thuth@redhat.com>
Patchwork-id: 97028
O-Subject: [RHEL-8.3.0 qemu-kvm PATCH v2 18/38] s390/ipl: fix off-by-one in update_machine_ipl_properties()
Bugzilla: 1828317
RH-Acked-by: Claudio Imbrenda <cimbrend@redhat.com>
RH-Acked-by: Philippe Mathieu-Daudé <philmd@redhat.com>
RH-Acked-by: Cornelia Huck <cohuck@redhat.com>
RH-Acked-by: David Hildenbrand <david@redhat.com>

From: Halil Pasic <pasic@linux.ibm.com>

In update_machine_ipl_properties() the array ascii_loadparm needs to
hold the 8 char loadparm and a string terminating zero char.

Let's increase the size of ascii_loadparm accordingly.

Signed-off-by: Halil Pasic <pasic@linux.ibm.com>
Fixes: 0a01e082a428 ("s390/ipl: sync back loadparm")
Fixes: Coverity CID 1421966
Reported-by: Peter Maydell <peter.maydell@linaro.org>
Message-Id: <20200320143101.41764-1-pasic@linux.ibm.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
(cherry picked from commit 7722837369eb1c7e808021d79da68afa0c01c26f)
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
---
 hw/s390x/ipl.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/s390x/ipl.c b/hw/s390x/ipl.c
index f25339c503..fa0409dc23 100644
--- a/hw/s390x/ipl.c
+++ b/hw/s390x/ipl.c
@@ -537,7 +537,7 @@ static void update_machine_ipl_properties(IplParameterBlock *iplb)
     /* Sync loadparm */
     if (iplb->flags & DIAG308_FLAGS_LP_VALID) {
         uint8_t *ebcdic_loadparm = iplb->loadparm;
-        char ascii_loadparm[8];
+        char ascii_loadparm[9];
         int i;
 
         for (i = 0; i < 8 && ebcdic_loadparm[i]; i++) {
-- 
2.27.0