summary refs log tree commit diff
path: root/gnu/packages/patches/qemu-CVE-2016-8578.patch
blob: 92ba365727b2ccff9af67d2643115bd1ff97ea6f (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
From: Li Qiang <liq3ea@gmail.com>

In 9pfs function v9fs_iov_vunmarshal, it will not allocate space
for empty string. This will cause several NULL pointer dereference
issues. this patch fix this issue.

Signed-off-by: Li Qiang <liq3ea@gmail.com>
---
 fsdev/9p-iov-marshal.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/fsdev/9p-iov-marshal.c b/fsdev/9p-iov-marshal.c
index 663cad5..1d16f8d 100644
--- a/fsdev/9p-iov-marshal.c
+++ b/fsdev/9p-iov-marshal.c
@@ -125,7 +125,7 @@ ssize_t v9fs_iov_vunmarshal(struct iovec *out_sg, int out_num, size_t offset,
                 str->data = g_malloc(str->size + 1);
                 copied = v9fs_unpack(str->data, out_sg, out_num, offset,
                                      str->size);
-                if (copied > 0) {
+                if (copied >= 0) {
                     str->data[str->size] = 0;
                 } else {
                     v9fs_string_free(str);
-- 
1.8.3.1