qemu-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH v2 2/3] vfio/pci: Fix buffer overrun when writing the VF toke

From: Cédric Le Goater
Subject: Re: [PATCH v2 2/3] vfio/pci: Fix buffer overrun when writing the VF token
Date: Thu, 26 Oct 2023 15:33:41 +0200
User-agent: Mozilla Thunderbird 
On 10/26/23 13:28, Peter Maydell wrote:

On Thu, 26 Oct 2023 at 08:08, Cédric Le Goater <clg@redhat.com> wrote:


qemu_uuid_unparse() includes a trailing NUL when writing the uuid
string and the buffer size should be UUID_FMT_LEN + 1 bytes. Use the
recently added UUID_STR_LEN which defines the correct size.

Fixes: CID 1522913
Fixes: 2dca1b37a760 ("vfio/pci: add support for VF token")
Cc: Alex Williamson <alex.williamson@redhat.com>
Reviewed-by: Alex Williamson <alex.williamson@redhat.com>
Reviewed-by: Juan Quintela <quintela@redhat.com>
Signed-off-by: Cédric Le Goater <clg@redhat.com>
---
  hw/vfio/pci.c | 2 +-
  1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/vfio/pci.c b/hw/vfio/pci.c
index 
9bfa83aca1a87952e18743c9ca951b1bfc873507..c02a5d70f5e1b8e4d22051285748f514f1b9f008
 100644
--- a/hw/vfio/pci.c
+++ b/hw/vfio/pci.c
@@ -3274,7 +3274,7 @@ static void vfio_realize(PCIDevice *pdev, Error **errp)
      Error *err = NULL;
      int i, ret;
      bool is_mdev;
-    char uuid[UUID_FMT_LEN];
+    char uuid[UUID_STR_LEN];
      char *name;

      if (vbasedev->fd < 0 && !vbasedev->sysfsdev) {


This patch (and its dependency) should probably be cc qemu-stable ?


yes. 8.1 is impacted. I was waiting for some feedback.

Thanks,

C.
reply via email to
[Prev in Thread] Current Thread [Next in Thread]