CC-ing qemu-stable again to hopefully get this backported to the
stable branches.
Cheers,
Daan
On Tue, 8 Apr 2025 at 20:55, Philippe Mathieu-Daudé <phi...@linaro.org> wrote:
>
> From: Daan De Meyer <daan.j.deme...@gmail.com>
>
> We have to make sure the array of bytes read from the path= file
> is null-terminated, otherwise we run into a buffer overrun later on.
>
> Fixes: bb99f4772f54017490e3356ecbb3df25c5d4537f ("hw/smbios: support loading
> OEM strings values from a file")
> Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2879
>
> Signed-off-by: Daan De Meyer <daan.j.deme...@gmail.com>
> Reviewed-by: Daniel P. Berrangé <berra...@redhat.com>
> Tested-by: Valentin David <valentin.da...@canonical.com>
> Message-ID: <20250323213622.2581013-1-daan.j.deme...@gmail.com>
> Signed-off-by: Philippe Mathieu-Daudé <phi...@linaro.org>
> ---
> hw/smbios/smbios.c | 3 +++
> 1 file changed, 3 insertions(+)
>
> diff --git a/hw/smbios/smbios.c b/hw/smbios/smbios.c
> index 02a09eb9cd0..ad4cd6721e6 100644
> --- a/hw/smbios/smbios.c
> +++ b/hw/smbios/smbios.c
> @@ -1285,6 +1285,9 @@ static int save_opt_one(void *opaque,
> g_byte_array_append(data, (guint8 *)buf, ret);
> }
>
> + buf[0] = '\0';
> + g_byte_array_append(data, (guint8 *)buf, 1);
> +
> qemu_close(fd);
>
> *opt->dest = g_renew(char *, *opt->dest, (*opt->ndest) + 1);
> --
> 2.47.1
>
