On 07/20/2018 08:09 AM, liujunjie wrote:
> From: l00425170 <liujunji...@huawei.com>
>
> The incoming parameters "start" and "end" are int type in
> qstring_from_substr(), but this function can be called by
> qstring_from_str, which is size_t type in strlen(str).
> It may result in coredump when calling g_malloc later.
> One scene to trigger is to call hmp "into tlb", which may have
> too long length of string.
>
> Signed-off-by: l00425170 <liujunji...@huawei.com>

Using what looks like a username for your Author and S-o-b designation
rather than a legal name is fishy. If 'l00425170' is really an alias
that you have frequently used in other open source projects, it might be
okay (and if so, you could back it up by pointing us to a URL of such
contributions to other projects). But in general, it's better to own
your patches with your real name (git supports UTF-8, if you would like
your name to appear in native characters instead of or in addition to a
Latin-ized form).
--
Eric Blake, Principal Software Engineer
Red Hat, Inc. +1-919-301-3266
Virtualization: qemu.org | libvirt.org
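
The narrowing described in the quoted commit message, as an added example that is not part of the original thread and is not QEMU's code: `alloc_size_via_int` and `substr_dup` are hypothetical names, and the first function assumes a 64-bit `size_t` on a two's-complement target. It shows how a length above `INT_MAX` becomes a huge allocation request, beside a form that keeps `size_t` throughout and checks the range before sizing the buffer.

```c
#include <limits.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for the narrowing in the commit message: a size_t
 * length passed through int parameters before sizing an allocation.
 * Out-of-range size_t -> int is implementation-defined; on common
 * two's-complement targets the value wraps negative. */
static size_t alloc_size_via_int(size_t len)
{
    int start = 0;
    int end = (int)(len - 1);                 /* inclusive end index as int */
    long long n = (long long)end - start + 1; /* widened: no int overflow */
    return (size_t)n + 1;                     /* negative n -> huge size */
}

/* Hardened form: size_t indices, end exclusive, every bound checked before
 * the allocation size is computed. Returns NULL on a bad range. */
static char *substr_dup(const char *str, size_t len, size_t start, size_t end)
{
    if (str == NULL || start > end || end > len)
        return NULL;
    size_t n = end - start;
    if (n == SIZE_MAX)                        /* n + 1 would wrap to 0 */
        return NULL;
    char *out = malloc(n + 1);
    if (out == NULL)
        return NULL;
    memcpy(out, str + start, n);
    out[n] = '\0';
    return out;
}

int main(void)
{
    const char *s = "hmp tlb dump";           /* constructed sample input */
    char *sub = substr_dup(s, strlen(s), 4, 7);
    int ok = sub != NULL && strcmp(sub, "tlb") == 0;
    free(sub);
    return ok ? 0 : 1;
}
```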