Re: [Qemu-devel] [PATCH v2 1/4] display: ensure qxl log_buf is a nul ter
From: Stefan Hajnoczi
Subject: Re: [Qemu-devel] [PATCH v2 1/4] display: ensure qxl log_buf is a nul terminated string
Date: Mon, 21 Jan 2019 10:45:45 +0000
User-agent: Mutt/1.10.1 (2018-07-13)
On Fri, Jan 18, 2019 at 05:31:00PM +0000, Daniel P. Berrangé wrote:
> diff --git a/hw/display/qxl.c b/hw/display/qxl.c
> index 8e9a65e75b..eefdf4baac 100644
> --- a/hw/display/qxl.c
> +++ b/hw/display/qxl.c
> @@ -1763,7 +1763,8 @@ async_common:
> qxl_set_mode(d, val, 0);
> break;
> case QXL_IO_LOG:
> - trace_qxl_io_log(d->id, d->ram->log_buf);
> + d->ram->log_buf[sizeof(d->ram->log_buf) - 1] = '\0';
> + trace_qxl_io_log(d->id, (const char *)d->ram->log_buf);
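Review bot: in the `QXL_IO_LOG` case the terminator is stored into `d->ram->log_buf` itself and `trace_qxl_io_log()` then reads that same buffer in a separate statement, so the string is only guaranteed to be terminated if nothing else can write `log_buf` between the two lines. The store also overwrites the last byte of whatever the buffer held. Copying `sizeof(d->ram->log_buf)` bytes into a local array, terminating the local array and passing that to the trace call would avoid both, and a one-line comment saying why the terminator is forced would help the next reader.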
This is a PCI BAR shared with the guest? Then NUL termination is
subject to races with vcpu threads that modify log_buf[] while we access
it.
The safe way to do this is to copy in log_buf[] and then NUL-terminate
the local copy.
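The difference between terminating in place and terminating a local copy, as an added example that is not part of the original message or of QEMU's code. The buffer size, the neighbouring bytes and the `guest_fill` callback (which stands in for a vcpu thread writing between the two accesses) are all constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define LOG_BUF_SIZE 16               /* constructed size, not the QXL one */
#define RAM_SIZE (LOG_BUF_SIZE + 8)   /* log_buf plus 8 neighbouring bytes */

typedef void (*guest_fn)(uint8_t *ram);  /* hypothetical: a racing vcpu write */

/* Constructed sample: unterminated log text followed by other device data. */
void ram_init(uint8_t *ram)
{
    memset(ram, 'x', LOG_BUF_SIZE);
    memcpy(ram + LOG_BUF_SIZE, "NEIGHBR", 8);   /* 7 chars + NUL */
}

/* The guest refills log_buf, clobbering any terminator stored in it. */
void guest_fill(uint8_t *ram)
{
    memset(ram, 'A', LOG_BUF_SIZE);
}

/* Terminate in place, then read the shared buffer as a C string. */
size_t log_in_place(uint8_t *ram, guest_fn guest)
{
    ram[LOG_BUF_SIZE - 1] = '\0';
    if (guest) { guest(ram); }         /* runs between the write and the read */
    return strlen((const char *)ram);  /* length a "%s" consumer would walk */
}

/* Copy in once, terminate the private copy, and only ever read the copy. */
size_t log_from_copy(uint8_t *ram, guest_fn guest, char out[LOG_BUF_SIZE])
{
    memcpy(out, ram, LOG_BUF_SIZE);
    out[LOG_BUF_SIZE - 1] = '\0';
    if (guest) { guest(ram); }         /* later guest writes cannot reach out[] */
    return strlen(out);
}

int main(void)
{
    uint8_t ram[RAM_SIZE];
    char local[LOG_BUF_SIZE];
    ram_init(ram);
    printf("in place:  %zu\n", log_in_place(ram, guest_fill));
    ram_init(ram);
    printf("from copy: %zu\n", log_from_copy(ram, guest_fill, local));
    return 0;
}
```

With the simulated guest write, the in-place variant walks past the end of `log_buf` into the neighbouring bytes, while the copy variant stays bounded at `LOG_BUF_SIZE - 1` even though the copied bytes themselves may be a mix of old and new guest data.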