From: Markus Armbruster <armbru@redhat.com>
Date: Wed, 26 Feb 2014 17:30:03 +0000 (-0700)
Subject: pci-assign: Fix potential read beyond buffer on -EBUSY
X-Git-Url: http://git.maquefel.me/?a=commitdiff_plain;h=82d07945652f16078b172d2bd46659e8f5f30d8e;p=qemu.git

pci-assign: Fix potential read beyond buffer on -EBUSY

readlink() doesn't write a terminating null byte.
assign_failed_examine() passes the unterminated string to strrchr().
Oops.  Terminate it.

Spotted by Coverity.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
---

diff --git a/hw/i386/kvm/pci-assign.c b/hw/i386/kvm/pci-assign.c
index 968680104b..a825871d8a 100644
--- a/hw/i386/kvm/pci-assign.c
+++ b/hw/i386/kvm/pci-assign.c
@@ -743,6 +743,7 @@ static void assign_failed_examine(AssignedDevice *dev)
         goto fail;
     }
 
+    driver[r] = 0;
     ns = strrchr(driver, '/');
     if (!ns) {
         goto fail;