bt: rewrite csrhci_write to avoid out-of-bounds writes - focaccia-qemu - Unnamed repository; edit this file 'description' to name the repository.

diff options

author	Paolo Bonzini <pbonzini@redhat.com>	2016-05-20 10:35:15 +0200
committer	Paolo Bonzini <pbonzini@redhat.com>	2016-05-29 09:11:11 +0200
commit	141af038dd1e73ed32e473046adeb822537c1152 (patch)
tree	e2ab07fa8796e16b4188f0eca5a29b1acf6d05c4 /scripts/dump-guest-memory.py
parent	a6b3167fa0e825aebb5a7cd8b437b6d41584a196 (diff)
download	focaccia-qemu-141af038dd1e73ed32e473046adeb822537c1152.tar.gz focaccia-qemu-141af038dd1e73ed32e473046adeb822537c1152.zip

bt: rewrite csrhci_write to avoid out-of-bounds writes

The usage of INT_MAX in this function confuses Coverity.  I think
the defect is bogus, however there is no protection against
getting more than sizeof(s->inpkt) bytes from the character device
backend.

Rewrite the function to only fill in as much data as needed from
buf into s->inpkt.  The plen variable is replaced by a simple
state machine and there is no need anymore to shift contents to
the beginning of s->inpkt.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

Diffstat (limited to 'scripts/dump-guest-memory.py')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: