render / rpms / qemu

Forked from rpms/qemu 10 months ago
Clone

Blame 0215-vvfat-Fix-potential-buffer-overflow.patch

cd9d16
From f03f1fc43b30c377a553daf7709e1f0f392a532b Mon Sep 17 00:00:00 2001
cd9d16
From: Kevin Wolf <kwolf@redhat.com>
cd9d16
Date: Wed, 1 Jun 2011 10:57:00 +0200
cd9d16
Subject: [PATCH] vvfat: Fix potential buffer overflow
cd9d16
MIME-Version: 1.0
cd9d16
Content-Type: text/plain; charset=UTF-8
cd9d16
Content-Transfer-Encoding: 8bit
cd9d16
cd9d16
path2[PATH_MAX] can be used for the null termination, so make the array big
cd9d16
enough to allow this.
cd9d16
cd9d16
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
cd9d16
(cherry picked from commit 0d460d6f414e02805cbc348404db03b2b7907360)
cd9d16
cd9d16
Signed-off-by: Bruce Rogers <brogers@suse.com>
cd9d16
Signed-off-by: Andreas Färber <afaerber@suse.de>
cd9d16
---
cd9d16
 block/vvfat.c | 2 +-
cd9d16
 1 file changed, 1 insertion(+), 1 deletion(-)
cd9d16
cd9d16
diff --git a/block/vvfat.c b/block/vvfat.c
cd9d16
index fe568fe..98b58f0 100644
cd9d16
--- a/block/vvfat.c
cd9d16
+++ b/block/vvfat.c
cd9d16
@@ -1741,7 +1741,7 @@ static int check_directory_consistency(BDRVVVFATState *s,
cd9d16
 
cd9d16
     long_file_name lfn;
cd9d16
     int path_len = strlen(path);
cd9d16
-    char path2[PATH_MAX];
cd9d16
+    char path2[PATH_MAX + 1];
cd9d16
 
cd9d16
     assert(path_len < PATH_MAX); /* len was tested before! */
cd9d16
     pstrcpy(path2, sizeof(path2), path);
cd9d16
-- 
cd9d16
1.7.11.2
cd9d16