| Message ID | 20240628123910.577740-1-frolov@swemel.ru |
|---|---|
| State | New |
| Headers | show |
| Series | hw/loongarch/boot.c: fix out-of-bound reading | expand |
在 2024/6/28 下午8:39, Dmitry Frolov 写道: > memcpy() is trying to READ 512 bytes from memory, > pointed by info->kernel_cmdline, > which was (presumable) allocated by g_strdup(""); > Found with ASAN, making check with enabled sanitizers. > > Signed-off-by: Dmitry Frolov <frolov@swemel.ru> > --- > hw/loongarch/boot.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/hw/loongarch/boot.c b/hw/loongarch/boot.c > index b8e1aa18d5..cb668703bd 100644 > --- a/hw/loongarch/boot.c > +++ b/hw/loongarch/boot.c > @@ -163,7 +163,7 @@ static void init_cmdline(struct loongarch_boot_info *info, void *p, void *start) > info->a0 = 1; > info->a1 = cmdline_addr; > > - memcpy(p, info->kernel_cmdline, COMMAND_LINE_SIZE); > + g_strlcpy(p, info->kernel_cmdline, COMMAND_LINE_SIZE); > } > > static uint64_t cpu_loongarch_virt_to_phys(void *opaque, uint64_t addr) Reviewed-by: Song Gao <gaosong@loongson.cn> Thanks. Song Gao
diff --git a/hw/loongarch/boot.c b/hw/loongarch/boot.c index b8e1aa18d5..cb668703bd 100644 --- a/hw/loongarch/boot.c +++ b/hw/loongarch/boot.c @@ -163,7 +163,7 @@ static void init_cmdline(struct loongarch_boot_info *info, void *p, void *start) info->a0 = 1; info->a1 = cmdline_addr; - memcpy(p, info->kernel_cmdline, COMMAND_LINE_SIZE); + g_strlcpy(p, info->kernel_cmdline, COMMAND_LINE_SIZE); } static uint64_t cpu_loongarch_virt_to_phys(void *opaque, uint64_t addr)
memcpy() is trying to READ 512 bytes from memory, pointed by info->kernel_cmdline, which was (presumable) allocated by g_strdup(""); Found with ASAN, making check with enabled sanitizers. Signed-off-by: Dmitry Frolov <frolov@swemel.ru> --- hw/loongarch/boot.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)