From: Chen Gang <gang.chen.5i5j@gmail.com>
Date: Wed, 15 Oct 2014 13:48:07 +0000 (+0800)
Subject: target-ppc: kvm: Fix memory overflow issue about strncat()
X-Git-Tag: TizenStudio_2.0_p2.3.2~208^2~482^2~14
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=cc64b1a1940dc2e041c5b06b003d9acf64c22372;p=sdk%2Femulator%2Fqemu.git

target-ppc: kvm: Fix memory overflow issue about strncat()

strncat() will append additional '\0' to destination buffer, so need
additional 1 byte for it, or may cause memory overflow, just like other
area within QEMU have done.

And can use g_strdup_printf() instead of strncat(), which may be more
easier understanding.

Signed-off-by: Chen Gang <gang.chen.5i5j@gmail.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
---

diff --git a/target-ppc/kvm.c b/target-ppc/kvm.c
index 9c23c6b..6843fa0 100644
--- a/target-ppc/kvm.c
+++ b/target-ppc/kvm.c
@@ -1782,7 +1782,7 @@ static int kvmppc_find_cpu_dt(char *buf, int buf_len)
  * format) */
 static uint64_t kvmppc_read_int_cpu_dt(const char *propname)
 {
-    char buf[PATH_MAX];
+    char buf[PATH_MAX], *tmp;
     union {
         uint32_t v32;
         uint64_t v64;
@@ -1794,10 +1794,10 @@ static uint64_t kvmppc_read_int_cpu_dt(const char *propname)
         return -1;
     }
 
-    strncat(buf, "/", sizeof(buf) - strlen(buf));
-    strncat(buf, propname, sizeof(buf) - strlen(buf));
+    tmp = g_strdup_printf("%s/%s", buf, propname);
 
-    f = fopen(buf, "rb");
+    f = fopen(tmp, "rb");
+    g_free(tmp);
     if (!f) {
         return -1;
     }