diff options
Diffstat (limited to 'gnu/packages/patches/qemu-CVE-2016-8578.patch')
| -rw-r--r-- | gnu/packages/patches/qemu-CVE-2016-8578.patch | 27 |
1 files changed, 27 insertions, 0 deletions
diff --git a/gnu/packages/patches/qemu-CVE-2016-8578.patch b/gnu/packages/patches/qemu-CVE-2016-8578.patch new file mode 100644 index 0000000000..92ba365727 --- /dev/null +++ b/gnu/packages/patches/qemu-CVE-2016-8578.patch @@ -0,0 +1,27 @@ +From: Li Qiang <liq3ea@gmail.com> + +In 9pfs function v9fs_iov_vunmarshal, it will not allocate space +for empty string. This will cause several NULL pointer dereference +issues. this patch fix this issue. + +Signed-off-by: Li Qiang <liq3ea@gmail.com> +--- + fsdev/9p-iov-marshal.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/fsdev/9p-iov-marshal.c b/fsdev/9p-iov-marshal.c +index 663cad5..1d16f8d 100644 +--- a/fsdev/9p-iov-marshal.c ++++ b/fsdev/9p-iov-marshal.c +@@ -125,7 +125,7 @@ ssize_t v9fs_iov_vunmarshal(struct iovec *out_sg, int out_num, size_t offset, + str->data = g_malloc(str->size + 1); + copied = v9fs_unpack(str->data, out_sg, out_num, offset, + str->size); +- if (copied > 0) { ++ if (copied >= 0) { + str->data[str->size] = 0; + } else { + v9fs_string_free(str); +-- +1.8.3.1 + |