vmdk: Fix vmdk_parse_extents

An extra 'p++' after while loop when *p == '\n' will move p to unknown data position, risking parsing junk data or memory access violation. Cc: qemu-stable@nongnu.org Signed-off-by: Fam Zheng <famz@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
author: Fam Zheng <famz@redhat.com> 2013-10-11 19:48:29 +0800
committer: Kevin Wolf <kwolf@redhat.com> 2013-10-11 16:50:02 +0200
commit: 899f1ae219d5eaa96a53c996026cb0178d62a86d (patch)
tree: 4a4f7535a0a3159ae9110426a864ef8455eee073
parent: b681072d2005911b79835d2a6af208eba3983a48 (diff)
download: focaccia-qemu-899f1ae219d5eaa96a53c996026cb0178d62a86d.tar.gz
focaccia-qemu-899f1ae219d5eaa96a53c996026cb0178d62a86d.zip
1 files changed, 5 insertions, 2 deletions
diff --git a/block/vmdk.c b/block/vmdk.c
index 709aa3deb0..5a9f2787f8 100644
--- a/block/vmdk.c
+++ b/block/vmdk.c
@@ -772,10 +772,13 @@ static int vmdk_parse_extents(const char *desc, BlockDriverState *bs,
         }
 next_line:
         /* move to next line */
-        while (*p && *p != '\n') {
+        while (*p) {
+            if (*p == '\n') {
+                p++;
+                break;
+            }
             p++;
         }
-        p++;
     }
     return 0;
 }
author	Fam Zheng <famz@redhat.com>	2013-10-11 19:48:29 +0800
committer	Kevin Wolf <kwolf@redhat.com>	2013-10-11 16:50:02 +0200
commit	899f1ae219d5eaa96a53c996026cb0178d62a86d (patch)
tree	4a4f7535a0a3159ae9110426a864ef8455eee073
parent	b681072d2005911b79835d2a6af208eba3983a48 (diff)
download	focaccia-qemu-899f1ae219d5eaa96a53c996026cb0178d62a86d.tar.gz focaccia-qemu-899f1ae219d5eaa96a53c996026cb0178d62a86d.zip