On Fri, 10/11 13:23, Kevin Wolf wrote:
> Am 11.10.2013 um 08:04 hat Fam Zheng geschrieben:
> > An extra 'p++' after while loop when *p == '\n' will move p to unknown
> > data position, risking parsing junk data or memory access violation.
> > 
> > Cc: qemu-sta...@nongnu.org
> > Signed-off-by: Fam Zheng <f...@redhat.com>
> > ---
> >  block/vmdk.c | 7 +++++--
> >  1 file changed, 5 insertions(+), 2 deletions(-)
> > 
> > diff --git a/block/vmdk.c b/block/vmdk.c
> > index 5d56e31..f2dda21 100644
> > --- a/block/vmdk.c
> > +++ b/block/vmdk.c
> > @@ -760,10 +760,13 @@ static int vmdk_parse_extents(const char *desc, 
> > BlockDriverState *bs,
> >          }
> >  next_line:
> >          /* move to next line */
> > -        while (*p && *p != '\n') {
> > +        while (*p) {
> >              p++;
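Review bot: At `while (*p) {`, the `*p != '\n'` test has been dropped from the loop condition, so the loop no longer stops at the line break by itself, and the quoted hunk ends at `p++;` with the remaining added lines not visible here. If the newline check now runs after the increment, a `p` that already points at '\n' on entry steps past it and the following line is skipped. Consider keeping the original condition and guarding only the increment that follows the loop, so that `p` advances just when `*p == '\n'`. A short comment stating that `p` never moves past the terminating NUL would also help.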
> 
> If the first not yet parsed character is \n, you're missing a line break
> now, aren't you?
> 

Yes. In this case it can miss a whole line following an empty line. Will fix.
Thanks.

Fam
