diff options
| author | balrog <balrog@c046a42c-6fe2-441c-8c8c-71466251a162> | 2008-01-14 03:48:37 +0000 |
|---|---|---|
| committer | balrog <balrog@c046a42c-6fe2-441c-8c8c-71466251a162> | 2008-01-14 03:48:37 +0000 |
| commit | b34d259a81500d75e4cf435f1e8b262ba7e1421a (patch) | |
| tree | 2655587503401a22225cf160f499318bc95c7c35 | |
| parent | a78b03cb6985466beb006b4e0eec4ba22d537c43 (diff) | |
| download | qemu-b34d259a81500d75e4cf435f1e8b262ba7e1421a.zip | |
Add a path length check to prevent heap overflow (Eric Milliken).
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@3916 c046a42c-6fe2-441c-8c8c-71466251a162
| -rw-r--r-- | block-vmdk.c | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/block-vmdk.c b/block-vmdk.c index af979a1e8e..9b5fb7346a 100644 --- a/block-vmdk.c +++ b/block-vmdk.c @@ -341,6 +341,8 @@ static int vmdk_parent_open(BlockDriverState *bs, const char * filename) p_name += sizeof("parentFileNameHint") + 1; if ((end_name = strchr(p_name,'\"')) == 0) return -1; + if ((end_name - p_name) > sizeof (s->hd->backing_file) - 1) + return -1; strncpy(s->hd->backing_file, p_name, end_name - p_name); if (stat(s->hd->backing_file, &file_buf) != 0) { |