Google Git
Sign in
qemu / qemu / 49aa4058ac6dd0081aaa45776f07c98df397ca5e
commit49aa4058ac6dd0081aaa45776f07c98df397ca5e[log] [tgz]
authorStefan Weil <sw@weilnetz.de>Mon Sep 30 23:04:49 2013 +0200
committerMichael Tokarev <mjt@tls.msk.ru>Sat Oct 05 13:05:15 2013 +0400
tree810fdef3de54da503f6bd3207fc7728bb1724f8c
parent4b351a0f212769deda960da44e299f44d5da0737 [diff]
qemu-char: Fix potential out of bounds access to local arrays

Latest gcc-4.8 supports a new option -fsanitize=address which activates
an AddressSanitizer. This AddressSanitizer stops the QEMU system emulation
very early because two character arrays of size 8 are potentially written
with 9 bytes.

Commit 6ea314d91439741e95772dfbab98b4135e04bebb added the code.

There is no obvious reason why width or height could need 8 characters,
so reduce it to 7 characters which together with the terminating '\0'
fit into the arrays.

Cc: qemu-stable <qemu-stable@nongnu.org>
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Reviewed-by: Alex Bennée <alex@bennee.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
1 file changed
tree: 810fdef3de54da503f6bd3207fc7728bb1724f8c
  1. audio/
  2. backends/
  3. block/
  4. bsd-user/
  5. default-configs/
  6. disas/
  7. docs/
  8. fpu/
  9. fsdev/
  10. gdb-xml/
  11. hw/
  12. include/
  13. libcacard/
  14. linux-headers/
  15. linux-user/
  16. net/
  17. pc-bios/
  18. po/
  19. qapi/
  20. qga/
  21. qobject/
  22. qom/
  23. roms/
  24. scripts/
  25. slirp/
  26. stubs/
  27. sysconfigs/
  28. target-alpha/
  29. target-arm/
  30. target-cris/
  31. target-i386/
  32. target-lm32/
  33. target-m68k/
  34. target-microblaze/
  35. target-mips/
  36. target-moxie/
  37. target-openrisc/
  38. target-ppc/
  39. target-s390x/
  40. target-sh4/
  41. target-sparc/
  42. target-unicore32/
  43. target-xtensa/
  44. tcg/
  45. tests/
  46. trace/
  47. ui/
  48. util/
  49. dtc
  50. pixman
  51. .exrc
  52. .gitignore
  53. .gitmodules
  54. .mailmap
  55. aio-posix.c
  56. aio-win32.c
  57. arch_init.c
  58. async.c
  59. balloon.c
  60. block-migration.c
  61. block.c
  62. blockdev-nbd.c
  63. blockdev.c
  64. blockjob.c
  65. bt-host.c
  66. bt-vhci.c
  67. Changelog
  68. CODING_STYLE
  69. configure
  70. COPYING
  71. COPYING.LIB
  72. coroutine-gthread.c
  73. coroutine-sigaltstack.c
  74. coroutine-ucontext.c
  75. coroutine-win32.c
  76. cpu-exec.c
  77. cpus.c
  78. cputlb.c
  79. device-hotplug.c
  80. device_tree.c
  81. disas.c
  82. dma-helpers.c
  83. dump.c
  84. exec.c
  85. gdbstub.c
  86. HACKING
  87. hmp-commands.hx
  88. hmp.c
  89. hmp.h
  90. iohandler.c
  91. ioport.c
  92. kvm-all.c
  93. kvm-stub.c
  94. LICENSE
  95. main-loop.c
  96. MAINTAINERS
  97. Makefile
  98. Makefile.objs
  99. Makefile.target
  100. memory.c
  101. memory_mapping.c
  102. migration-exec.c
  103. migration-fd.c
  104. migration-rdma.c
  105. migration-tcp.c
  106. migration-unix.c
  107. migration.c
  108. monitor.c
  109. nbd.c
  110. os-posix.c
  111. os-win32.c
  112. page_cache.c
  113. qapi-schema.json
  114. qdev-monitor.c
  115. qdict-test-data.txt
  116. qemu-bridge-helper.c
  117. qemu-char.c
  118. qemu-coroutine-io.c
  119. qemu-coroutine-lock.c
  120. qemu-coroutine-sleep.c
  121. qemu-coroutine.c
  122. qemu-doc.texi
  123. qemu-img-cmds.hx
  124. qemu-img.c
  125. qemu-img.texi
  126. qemu-io-cmds.c
  127. qemu-io.c
  128. qemu-log.c
  129. qemu-nbd.c
  130. qemu-nbd.texi
  131. qemu-options-wrapper.h
  132. qemu-options.h
  133. qemu-options.hx
  134. qemu-seccomp.c
  135. qemu-tech.texi
  136. qemu-timer.c
  137. qemu.nsi
  138. qemu.sasl
  139. qmp-commands.hx
  140. qmp.c
  141. qtest.c
  142. readline.c
  143. README
  144. rules.mak
  145. savevm.c
  146. spice-qemu-char.c
  147. tcg-runtime.c
  148. tci.c
  149. thread-pool.c
  150. thunk.c
  151. tpm.c
  152. trace-events
  153. translate-all.c
  154. translate-all.h
  155. user-exec.c
  156. VERSION
  157. version.rc
  158. vl.c
  159. xbzrle.c
  160. xen-all.c
  161. xen-mapcache.c
  162. xen-stub.c