On Tue, May 07, 2013 at 10:14:11AM -0600, Eric Blake wrote:
> On 05/07/2013 01:16 AM, Qiao Nuohan wrote:
> > Struct dump_bitmap is associated with a tmp file, and the tmp file can be
> > used to save data of bitmap in kdump-compressed format temporarily.
> > The following patch will use these functions to get the data of bitmap and
> > cache them into tmp files.
> >
> > Signed-off-by: Qiao Nuohan <qiaonuo...@cn.fujitsu.com>
> > Reviewed-by: Zhang Xiaohe <zhan...@cn.fujitsu.com>
> > ---
>
> > + db->file_name = (char *)g_malloc(strlen(filename) + strlen(tmpname) +
> > 1);
> > +
> > + strcpy(db->file_name, tmpname);
> > + strcat(db->file_name, "/");
> > + strcat(db->file_name, filename);
>
> Off-by-one buffer overflow, since you forgot space for the NUL byte. We
> use C, not C++, so you don't need to cast the result of g_malloc().
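Review bot: the size passed to g_malloc() in the first added line is one byte short of what the strcpy/strcat calls below it store. They write strlen(tmpname) bytes, one byte for "/", strlen(filename) bytes and a terminating NUL, so the last strcat puts the NUL one byte past the end of the allocation. Either allocate strlen(filename) + strlen(tmpname) + 2, or build the string in one step with g_strdup_printf("%s/%s", tmpname, filename) and drop the size arithmetic; the (char *) cast on g_malloc() can go as well.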
Using g_strdup_printf("%s/%s", tmpname, filename); avoids the allocation
size problems entirely.

Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|
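The byte accounting behind the thread, as an added example that is not part of the patch or of QEMU: it compares the size the hunk allocates with what its string calls store, then joins the path by letting the formatter measure the length first, which is the idea behind the g_strdup_printf() suggestion. It uses plain snprintf() so that it builds without GLib; `hunk_alloc_size`, `bytes_stored`, `join_path` and the sample names are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Size the quoted hunk passes to g_malloc(). */
static size_t hunk_alloc_size(const char *tmpname, const char *filename)
{
    return strlen(filename) + strlen(tmpname) + 1;
}

/* Bytes the strcpy/strcat/strcat sequence stores: dir, '/', name, NUL. */
static size_t bytes_stored(const char *tmpname, const char *filename)
{
    return strlen(tmpname) + 1 + strlen(filename) + 1;
}

/*
 * Measure-then-allocate join: the formatter reports the length, so no
 * hand-written size arithmetic is left to get wrong.
 * Returns NULL on failure; the caller releases the result with free().
 */
static char *join_path(const char *dir, const char *name)
{
    int len = snprintf(NULL, 0, "%s/%s", dir, name);
    if (len < 0)
        return NULL;

    char *path = malloc((size_t)len + 1);   /* +1 for the terminating NUL */
    if (path == NULL)
        return NULL;

    snprintf(path, (size_t)len + 1, "%s/%s", dir, name);
    return path;
}

int main(void)
{
    /* Constructed sample values, not taken from the patch. */
    const char *dir = "/tmp", *name = "dump_bitmap.tmp";
    char *p = join_path(dir, name);

    if (p == NULL)
        return 1;
    printf("hunk allocates %zu bytes, stores %zu; joined: %s\n",
           hunk_alloc_size(dir, name), bytes_stored(dir, name), p);
    free(p);
    return 0;
}
```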