On Mon, 02 Mar 2026 16:48:09 +0900
Akihiko Odaki <[email protected]> wrote:

> Ensure the buffer in vfio_pci_host_match() will not overflow even when
> an invalid addr parameter is provided.

This commit log could be much more straightforward.  Something like:

    Each field of PCIHostDeviceAddress is an unsigned int, therefore
    while a valid address is limited to 13 characters, an invalid
    address could exceed the specified format, up to:

        ffffffff:ffffffff:ffffffff.ffffffff<NUL>

    This requires 36 characters with the terminator.

With that:

Reviewed-by: Alex Williamson <[email protected]>
    

> Signed-off-by: Akihiko Odaki <[email protected]>
> ---
>  hw/vfio/pci.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/hw/vfio/pci.c b/hw/vfio/pci.c
> index c89f3fbea348..94c174a773fb 100644
> --- a/hw/vfio/pci.c
> +++ b/hw/vfio/pci.c
> @@ -2739,7 +2739,7 @@ void vfio_pci_post_reset(VFIOPCIDevice *vdev)
>  
>  bool vfio_pci_host_match(PCIHostDeviceAddress *addr, const char *name)
>  {
> -    char tmp[13];
> +    char tmp[36];
>  
>      sprintf(tmp, "%04x:%02x:%02x.%1x", addr->domain,
>              addr->bus, addr->slot, addr->function);
> 
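
Review bot: The sprintf() call kept as context under the resized buffer is still unbounded, so the fix depends on 36 being hand-matched to the worst-case expansion of "%04x:%02x:%02x.%1x" (four fields of up to 8 hex digits as described in the reply above, three separators, one terminator). Consider `snprintf(tmp, sizeof(tmp), ...)` so the write is limited by the buffer itself, and add a short comment on `char tmp[36];` stating how 36 is derived, so that a later change to the format string or field types does not silently reintroduce the overflow.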

