pci-assign: Fix potential read beyond buffer on -EBUSY

readlink() doesn't write a terminating null byte. assign_failed_examine() passes the unterminated string to strrchr(). Oops. Terminate it. Spotted by Coverity. Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
author: Markus Armbruster 2014-02-26 18:30:03 +0100
committer: Alex Williamson 2014-02-26 18:30:03 +0100
commit: 82d07945652f16078b172d2bd46659e8f5f30d8e (patch)
tree: 72077ca349fb9c721802132aa96d9480fea7333b /hw/i386/kvm/pci-assign.c
parent: vfio: Fix overrun after readlink() fills buffer completely (diff)
download: qemu-82d07945652f16078b172d2bd46659e8f5f30d8e.tar.gz
qemu-82d07945652f16078b172d2bd46659e8f5f30d8e.tar.xz
qemu-82d07945652f16078b172d2bd46659e8f5f30d8e.zip
1 files changed, 1 insertions, 0 deletions
diff --git a/hw/i386/kvm/pci-assign.c b/hw/i386/kvm/pci-assign.c
index 968680104b..a825871d8a 100644
--- a/hw/i386/kvm/pci-assign.c
+++ b/hw/i386/kvm/pci-assign.c
@@ -743,6 +743,7 @@ static void assign_failed_examine(AssignedDevice *dev)
         goto fail;
     }
 
+    driver[r] = 0;
     ns = strrchr(driver, '/');
     if (!ns) {
         goto fail;
author	Markus Armbruster	2014-02-26 18:30:03 +0100
committer	Alex Williamson	2014-02-26 18:30:03 +0100
commit	82d07945652f16078b172d2bd46659e8f5f30d8e (patch)
tree	72077ca349fb9c721802132aa96d9480fea7333b /hw/i386/kvm/pci-assign.c
parent	vfio: Fix overrun after readlink() fills buffer completely (diff)
download	qemu-82d07945652f16078b172d2bd46659e8f5f30d8e.tar.gz qemu-82d07945652f16078b172d2bd46659e8f5f30d8e.tar.xz qemu-82d07945652f16078b172d2bd46659e8f5f30d8e.zip