strncat() will append an additional '\0' to the destination buffer, so it needs an additional 1 byte for it, or it may cause a memory overflow, just as other areas within QEMU have done.

Signed-off-by: Chen Gang <gang.chen.5i5j@xxxxxxxxx>
--- target-ppc/kvm.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/target-ppc/kvm.c b/target-ppc/kvm.c index 9c23c6b..66e7ce5 100644 --- a/target-ppc/kvm.c +++ b/target-ppc/kvm.c @@ -1794,8 +1794,8 @@ static uint64_t kvmppc_read_int_cpu_dt(const char *propname) return -1; } - strncat(buf, "/", sizeof(buf) - strlen(buf)); - strncat(buf, propname, sizeof(buf) - strlen(buf)); + strncat(buf, "/", sizeof(buf) - strlen(buf) - 1); + strncat(buf, propname, sizeof(buf) - strlen(buf) - 1); f = fopen(buf, "rb"); if (!f) { -- 1.9.3
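Review bot: In the two changed strncat() calls in kvmppc_read_int_cpu_dt(), truncation is still silent: with the new bound `sizeof(buf) - strlen(buf) - 1` the terminator stays inside buf, but a propname that does not fit is cut short and the shortened path goes straight to `fopen(buf, "rb")`, so the function can open a different node than the one the caller named. Consider checking that strlen(buf) + 1 + strlen(propname) is less than sizeof(buf) before appending and taking the existing `return -1;` path when it is not, or building the path with a single snprintf() and testing its return value against sizeof(buf). The commit message would also be easier to audit if it stated that the third argument of strncat() counts the bytes copied from the source and excludes the terminating '\0', since that is the reason for the `- 1`.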