From 35fa07df87bf26ae705fddd85802c47d442cda69 Mon Sep 17 00:00:00 2001
From: Li Liang
Date: Mon, 30 Jun 2014 08:48:37 +0800
Subject: [PATCH] libxl: fix the bug which will cause heap to break down

If the JSON message contains more bytes than QMP_RECEIVE_BUFFER_SIZE, this bug will break down the heap, that leads to core dump. One more byte should be allocated to contain the appended null character.

Signed-off-by: Li Liang
Acked-by: Ian Campbell
---
 tools/libxl/libxl_qmp.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tools/libxl/libxl_qmp.c b/tools/libxl/libxl_qmp.c
index 8433e42370..5cc56b1a10 100644
--- a/tools/libxl/libxl_qmp.c
+++ b/tools/libxl/libxl_qmp.c
@@ -456,7 +456,7 @@ static int qmp_next(libxl__gc *gc, libxl__qmp_handler *qmp)
     if (incomplete) {
         size_t current_pos = s - incomplete;
         incomplete = libxl__realloc(gc, incomplete,
-                                    incomplete_size + rd);
+                                    incomplete_size + rd + 1);
         strncat(incomplete + incomplete_size, qmp->buffer, rd);
         s = incomplete + current_pos;
         incomplete_size += rd;
-- 
2.39.5
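Review bot: The `strncat` on the line after the changed allocation still treats the received QMP bytes as a C string: it stops copying at the first NUL inside `qmp->buffer`, yet `incomplete_size += rd` advances by the full read count regardless, so a later append starts its search for the terminator at `incomplete + incomplete_size`, past the real end of the string and into bytes that were never written. The extra byte this commit allocates is only a correct bound if every one of the `rd` bytes is actually copied, which the length-counted `strncat` does not guarantee. Because the length is known, a plain copy with explicit termination removes both the truncation and the hidden terminator scan: `memcpy(incomplete + incomplete_size, qmp->buffer, rd); incomplete_size += rd; incomplete[incomplete_size] = '\0';`. Whether QEMU can put an embedded NUL into a QMP response is not something the hunk shows, so this is hardening rather than a reproduced fault; qmp_next begins and continues outside the hunk, so how `incomplete` is first allocated and terminated is not visible here.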