From cc64b1a1940dc2e041c5b06b003d9acf64c22372 Mon Sep 17 00:00:00 2001 From: Chen Gang Date: Wed, 15 Oct 2014 21:48:07 +0800 Subject: [PATCH] target-ppc: kvm: Fix memory overflow issue about strncat() strncat() will append additional '\0' to destination buffer, so need additional 1 byte for it, or may cause memory overflow, just like other area within QEMU have done. And can use g_strdup_printf() instead of strncat(), which may be more easier understanding. Signed-off-by: Chen Gang Signed-off-by: Alexander Graf --- target-ppc/kvm.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/target-ppc/kvm.c b/target-ppc/kvm.c index 9c23c6ba0d..6843fa0b98 100644 --- a/target-ppc/kvm.c +++ b/target-ppc/kvm.c @@ -1782,7 +1782,7 @@ static int kvmppc_find_cpu_dt(char *buf, int buf_len) * format) */ static uint64_t kvmppc_read_int_cpu_dt(const char *propname) { - char buf[PATH_MAX]; + char buf[PATH_MAX], *tmp; union { uint32_t v32; uint64_t v64; @@ -1794,10 +1794,10 @@ static uint64_t kvmppc_read_int_cpu_dt(const char *propname) return -1; } - strncat(buf, "/", sizeof(buf) - strlen(buf)); - strncat(buf, propname, sizeof(buf) - strlen(buf)); + tmp = g_strdup_printf("%s/%s", buf, propname); - f = fopen(buf, "rb"); + f = fopen(tmp, "rb"); + g_free(tmp); if (!f) { return -1; }