Re: [Qemu-devel] [PATCH] readline: Fix buffer overrun on re-add to histo

qemu-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Qemu-devel] [PATCH] readline: Fix buffer overrun on re-add to histo

From:	Stefan Hajnoczi
Subject:	Re: [Qemu-devel] [PATCH] readline: Fix buffer overrun on re-add to history
Date:	Mon, 7 Nov 2011 08:04:27 +0000
User-agent:	Mutt/1.5.21 (2010-09-15)

On Fri, Nov 04, 2011 at 11:10:01AM +0100, Markus Armbruster wrote:
> readline_hist_add() moves the history entry to the end of history.  It
> uses memmove() to move rs->history[idx + 1..] to rs->history[idx..].
> However, its size argument is off by two array elements, so it writes
> one element beyond rs->history[], and reads two.
> 
> On my system, this clobbers rs->hist_entry and the hole right after
> it.  Since the function assigns to rs->hist_entry in time, the bug has
> no ill effects for me.
> 
> Spotted by Coverity.
> 
> Signed-off-by: Markus Armbruster <address@hidden>
> ---
>  readline.c |    2 +-
>  1 files changed, 1 insertions(+), 1 deletions(-)

Thanks, applied to the trivial patches tree:
http://repo.or.cz/w/qemu/stefanha.git/shortlog/refs/heads/trivial-patches

Stefan

[Prev in Thread]

Current Thread

[Next in Thread]

[Qemu-devel] [PATCH] readline: Fix buffer overrun on re-add to history, Markus Armbruster, 2011/11/04
- Re: [Qemu-devel] [PATCH] readline: Fix buffer overrun on re-add to history, Stefan Hajnoczi <=

Prev by Date: Re: [Qemu-devel] [Qemu-trivial] [PATCH] xen-platform: Fix IO port read/write functions
Next by Date: Re: [Qemu-devel] [PATCH v2] block: Use bdrv functions to replace file operation in cow.c
Previous by thread: [Qemu-devel] [PATCH] readline: Fix buffer overrun on re-add to history
Next by thread: Re: [Qemu-devel] [v8 Patch 6/6]Qemu: raw posix implementation of reopen functions
Index(es):
- Date
- Thread