guix-devel/gnu/packages/patches/qemu-CVE-2016-8578.patch

28 lines
955 B
Diff
Raw Normal View History

From: Li Qiang <liq3ea@gmail.com>
In 9pfs function v9fs_iov_vunmarshal, it will not allocate space
for empty string. This will cause several NULL pointer dereference
issues. this patch fix this issue.
Signed-off-by: Li Qiang <liq3ea@gmail.com>
---
fsdev/9p-iov-marshal.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/fsdev/9p-iov-marshal.c b/fsdev/9p-iov-marshal.c
index 663cad5..1d16f8d 100644
--- a/fsdev/9p-iov-marshal.c
+++ b/fsdev/9p-iov-marshal.c
@@ -125,7 +125,7 @@ ssize_t v9fs_iov_vunmarshal(struct iovec *out_sg, int out_num, size_t offset,
str->data = g_malloc(str->size + 1);
copied = v9fs_unpack(str->data, out_sg, out_num, offset,
str->size);
- if (copied > 0) {
+ if (copied >= 0) {
str->data[str->size] = 0;
} else {
v9fs_string_free(str);
--
1.8.3.1