]> xenbits.xensource.com Git - qemu-xen-3.4-testing.git/commitdiff
projects / qemu-xen-3.4-testing.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: a78b03c)
Add a path length check to prevent heap overflow (Eric Milliken).
authorbalrog <balrog@c046a42c-6fe2-441c-8c8c-71466251a162>
Mon, 14 Jan 2008 03:48:37 +0000 (03:48 +0000)
committerbalrog <balrog@c046a42c-6fe2-441c-8c8c-71466251a162>
Mon, 14 Jan 2008 03:48:37 +0000 (03:48 +0000)
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@3916 c046a42c-6fe2-441c-8c8c-71466251a162

block-vmdk.c patch | blob | history

diff --git a/block-vmdk.c b/block-vmdk.c
index af979a1e8e4a9aea4ef6f8b5eb84d424d3e0417d..9b5fb7346a9f932cddfd194c15032ffb47a02063 100644 (file)
--- a/block-vmdk.c
+++ b/block-vmdk.c
@@ -341,6 +341,8 @@ static int vmdk_parent_open(BlockDriverState *bs, const char * filename)
         p_name += sizeof("parentFileNameHint") + 1;
         if ((end_name = strchr(p_name,'\"')) == 0)
             return -1;
+        if ((end_name - p_name) > sizeof (s->hd->backing_file) - 1)
+            return -1;
 
         strncpy(s->hd->backing_file, p_name, end_name - p_name);
         if (stat(s->hd->backing_file, &file_buf) != 0) {
Obsolete Qemu-dm 3.4 stable branch