Hi Daan,
On 17/4/25 12:11, Daan De Meyer wrote:
CC-ing qemu-stable again to hopefully get this backported to the
stable branches.
Cheers,
Daan
On Tue, 8 Apr 2025 at 20:55, Philippe Mathieu-Daudé <phi...@linaro.org> wrote:
From: Daan De Meyer <daan.j.deme...@gmail.com>
We have to make sure the array of bytes read from the path= file
is null-terminated, otherwise we run into a buffer overrun later on.
Fixes: bb99f4772f54017490e3356ecbb3df25c5d4537f ("hw/smbios: support loading OEM
strings values from a file")
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2879
If you want to be sure a commit is noticed for backport, you
should add
Cc: qemu-sta...@nongnu.org
in your commit description.
Regards,
Phil.
Signed-off-by: Daan De Meyer <daan.j.deme...@gmail.com>
Reviewed-by: Daniel P. Berrangé <berra...@redhat.com>
Tested-by: Valentin David <valentin.da...@canonical.com>
Message-ID: <20250323213622.2581013-1-daan.j.deme...@gmail.com>
Signed-off-by: Philippe Mathieu-Daudé <phi...@linaro.org>
---
hw/smbios/smbios.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/hw/smbios/smbios.c b/hw/smbios/smbios.c
index 02a09eb9cd0..ad4cd6721e6 100644
--- a/hw/smbios/smbios.c
+++ b/hw/smbios/smbios.c
@@ -1285,6 +1285,9 @@ static int save_opt_one(void *opaque,
g_byte_array_append(data, (guint8 *)buf, ret);
}
+ buf[0] = '\0';
+ g_byte_array_append(data, (guint8 *)buf, 1);
+
qemu_close(fd);
*opt->dest = g_renew(char *, *opt->dest, (*opt->ndest) + 1);
--
2.47.1
