diff options
| author | Fam Zheng <famz@redhat.com> | 2013-10-11 19:48:29 +0800 |
|---|---|---|
| committer | Michael Roth <mdroth@linux.vnet.ibm.com> | 2013-12-03 14:08:26 -0600 |
| commit | b685f6af6f3aa34a845f156b334c1e24661fd344 (patch) | |
| tree | d9c5cdfd9900831d4f77429ce6b3ce9089bf624a | |
| parent | 99b5b999a4fc03ad6164b71af97406657c1ff14a (diff) | |
| download | qemu-b685f6af6f3aa34a845f156b334c1e24661fd344.tar.gz | |
vmdk: Fix vmdk_parse_extents
An extra 'p++' after while loop when *p == '\n' will move p to unknown
data position, risking parsing junk data or memory access violation.
Cc: qemu-stable@nongnu.org
Signed-off-by: Fam Zheng <famz@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
(cherry picked from commit 899f1ae219d5eaa96a53c996026cb0178d62a86d)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
| -rw-r--r-- | block/vmdk.c | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/block/vmdk.c b/block/vmdk.c index 258a24f3cd..dcee07a308 100644 --- a/block/vmdk.c +++ b/block/vmdk.c @@ -755,10 +755,13 @@ static int vmdk_parse_extents(const char *desc, BlockDriverState *bs, } next_line: /* move to next line */ - while (*p && *p != '\n') { + while (*p) { + if (*p == '\n') { + p++; + break; + } p++; } - p++; } return 0; } |