block: Fix serial number assignment

Message ID	20100602174631.2f681a4c@redhat.com
State	New
Headers	show Return-Path: <qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org> Date: Wed, 2 Jun 2010 17:46:31 -0300 From: Luiz Capitulino <lcapitulino@redhat.com> To: qemu-devel@nongnu.org Message-ID: <20100602174631.2f681a4c@redhat.com> Organization: Red Hat Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Cc: kwolf@redhat.com Subject: [Qemu-devel] [PATCH] block: Fix serial number assignment Precedence: list Sender: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org

Message ID

20100602174631.2f681a4c@redhat.com

State

New

Headers

Date: Wed, 2 Jun 2010 17:46:31 -0300
From: Luiz Capitulino <lcapitulino@redhat.com>
To: qemu-devel@nongnu.org
Message-ID: <20100602174631.2f681a4c@redhat.com>
Organization: Red Hat
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Cc: kwolf@redhat.com
Subject: [Qemu-devel] [PATCH] block: Fix serial number assignment
Precedence: list
Sender: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org
Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org

Commit Message

Luiz Capitulino June 2, 2010, 8:46 p.m. UTC

We should use 'dinfo->serial' length, 'serial' is a pointer, so
the serial number length is currently limited to the pointer size.

This fixes https://bugs.launchpad.net/qemu/+bug/584143 and is also
valid for stable.

Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
---
 vl.c |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

Comments

Markus Armbruster June 3, 2010, 7 a.m. UTC | #1

Luiz Capitulino <lcapitulino@redhat.com> writes:

> We should use 'dinfo->serial' length, 'serial' is a pointer, so
> the serial number length is currently limited to the pointer size.
>
> This fixes https://bugs.launchpad.net/qemu/+bug/584143 and is also
> valid for stable.
>
> Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
> ---
>  vl.c |    2 +-
>  1 files changed, 1 insertions(+), 1 deletions(-)
>
> diff --git a/vl.c b/vl.c
> index 417554f..3de2166 100644
> --- a/vl.c
> +++ b/vl.c
> @@ -1060,7 +1060,7 @@ DriveInfo *drive_init(QemuOpts *opts, void *opaque,
>      dinfo->on_write_error = on_write_error;
>      dinfo->opts = opts;
>      if (serial)
> -        strncpy(dinfo->serial, serial, sizeof(serial));
> +        strncpy(dinfo->serial, serial, sizeof(dinfo->serial) - 1);
>      QTAILQ_INSERT_TAIL(&drives, dinfo, next);
>  
>      switch(type) {

Correct, because dinfo->serial[] is zero-initialized.

Patch conflicts with my "blockdev: Collect block device code in new
blockdev.c", but resolution is trivial.

Kevin Wolf June 4, 2010, 10:12 a.m. UTC | #2

Am 02.06.2010 22:46, schrieb Luiz Capitulino:
> We should use 'dinfo->serial' length, 'serial' is a pointer, so
> the serial number length is currently limited to the pointer size.
> 
> This fixes https://bugs.launchpad.net/qemu/+bug/584143 and is also
> valid for stable.
> 
> Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>

Thanks, applied to the block branch.

Kevin

diff --git a/vl.c b/vl.c
index 417554f..3de2166 100644
--- a/vl.c
+++ b/vl.c
@@ -1060,7 +1060,7 @@  DriveInfo *drive_init(QemuOpts *opts, void *opaque,
     dinfo->on_write_error = on_write_error;
     dinfo->opts = opts;
     if (serial)
-        strncpy(dinfo->serial, serial, sizeof(serial));
+        strncpy(dinfo->serial, serial, sizeof(dinfo->serial) - 1);
     QTAILQ_INSERT_TAIL(&drives, dinfo, next);
 
     switch(type) {