diff options
| author | Paolo Bonzini <pbonzini@redhat.com> | 2011-10-05 09:12:03 +0200 |
|---|---|---|
| committer | Kevin Wolf <kwolf@redhat.com> | 2011-11-04 15:42:44 +0100 |
| commit | 2b6a43a835e5082dedc6a5eea39a59463f97c81c (patch) | |
| tree | 93ac44583b153d77d22cbdcb3d24bd91f9d555a5 /block | |
| parent | 756f51e408febecdaff041f096527b820e857762 (diff) | |
| download | qemu-2b6a43a835e5082dedc6a5eea39a59463f97c81c.zip | |
vvfat: fix out of bounds array_get usage
When reading the address of the first free entry, you cannot
use array_get without first marking all entries as occupied.
This is visible if you change the sectors per cluster on a
floppy from 2 to 1.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Diffstat (limited to 'block')
| -rw-r--r-- | block/vvfat.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/block/vvfat.c b/block/vvfat.c index e1fcdbc45b..75d0dc07e0 100644 --- a/block/vvfat.c +++ b/block/vvfat.c @@ -799,6 +799,7 @@ static int read_directory(BDRVVVFATState* s, int mapping_index) /* root directory */ int cur = s->directory.next; array_ensure_allocated(&(s->directory), ROOT_ENTRIES - 1); + s->directory.next = ROOT_ENTRIES; memset(array_get(&(s->directory), cur), 0, (ROOT_ENTRIES - cur) * sizeof(direntry_t)); } |