From f9cc704bbcf8bb8a06095289921dc88944d0fe94 Mon Sep 17 00:00:00 2001
From: Dmitry Frolov <frolov@swemel.ru>
Date: Fri, 28 Jun 2024 15:39:10 +0300
Subject: [PATCH 30/78] hw/loongarch/boot.c: fix out-of-bound reading
memcpy() is trying to READ 512 bytes from memory,
pointed by info->kernel_cmdline,
which was (presumably) allocated by g_strdup("");
Found with ASAN, making check with enabled sanitizers.
Signed-off-by: Dmitry Frolov <frolov@swemel.ru>
Reviewed-by: Song Gao <gaosong@loongson.cn>
Message-Id: <20240628123910.577740-1-frolov@swemel.ru>
Signed-off-by: Song Gao <gaosong@loongson.cn>
Signed-off-by: Xianglai Li <lixianglai@loongson.cn>
---
hw/loongarch/boot.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/hw/loongarch/boot.c b/hw/loongarch/boot.c
index b8e1aa18d5..cb668703bd 100644
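--- a/hw/loongarch/boot.c
+++ b/hw/loongarch/boot.c
@@ -163,7 +163,7 @@ static void init_cmdline(struct loongarch_boot_info *info, void *p, void *start)
 info->a0 = 1;
 info->a1 = cmdline_addr;
 
- memcpy(p, info->kernel_cmdline, COMMAND_LINE_SIZE);
+ g_strlcpy(p, info->kernel_cmdline, COMMAND_LINE_SIZE);
 }
 
 static uint64_t cpu_loongarch_virt_to_phys(void *opaque, uint64_t addr)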
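Review bot: The added `g_strlcpy()` call drops its return value, so a command line of COMMAND_LINE_SIZE bytes or more is cut short without any diagnostic; testing `g_strlcpy(p, info->kernel_cmdline, COMMAND_LINE_SIZE) >= COMMAND_LINE_SIZE` and reporting a warning or error would surface the truncation. Unlike the old memcpy(), the copy now stops at the terminator, so the rest of the COMMAND_LINE_SIZE region at `p` keeps whatever it held before. Whether that buffer is zeroed beforehand cannot be confirmed here, because init_cmdline() starts outside the hunk. A short comment such as `/* kernel_cmdline may be shorter than COMMAND_LINE_SIZE: copy the string, not a fixed block */` would record why memcpy() must not come back.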
--
2.39.1