External/libvirt
1
0
Fork 0
mirror of https://gitlab.com/libvirt/libvirt.git synced 2025-01-08 22:15:21 +00:00
Code Issues Packages Projects Releases Wiki Activity

qemu: Fix off-by-one error while unescaping monitor strings

Browse Source 
While unescaping the commands the commands passed through to the monitor
function qemuMonitorUnescapeArg() initialized lenght of the input string
to strlen()+1 which is fine for alloc but not for iteration of the
string.

This patch fixes the off-by-one error and drops the pointless check for
a single trailing slash that is automaticaly handled by the default
branch of switch.
This commit is contained in:
Peter Krempa 2012-06-14 10:29:36 +02:00
parent 5b4740265c
commit 0f4660c878
1 changed files with 3 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
src/qemu/qemu_monitor.c
View File

@ -161,20 +161,15 @@ char *qemuMonitorUnescapeArg(const char *in)
{
int i, j;
char *out;
int len = strlen(in) + 1;
int len = strlen(in);
char next;
if (VIR_ALLOC_N(out, len) < 0)
if (VIR_ALLOC_N(out, len + 1) < 0)
return NULL;
for (i = j = 0; i < len; ++i) {
next = in[i];
if (in[i] == '\\') {
if (len < i + 1) {
/* trailing backslash shouldn't be possible */
VIR_FREE(out);
return NULL;
}
++i;
switch(in[i]) {
case 'r':
@ -188,7 +183,7 @@ char *qemuMonitorUnescapeArg(const char *in)
next = in[i];
break;
default:
/* invalid input */
/* invalid input (including trailing '\' at end of in) */
VIR_FREE(out);
return NULL;
}