diff options
| author | P J P <ppandit@redhat.com> | 2015-12-21 15:13:13 +0530 |
|---|---|---|
| committer | Timothy Pearson <tpearson@raptorengineering.com> | 2019-11-29 19:28:24 -0600 |
| commit | db3005ed07aa8fa7b1adba40ba40f147266d17d9 (patch) | |
| tree | 85c75dd583224ab99f595fb03d0635ac37218903 /hw/scsi | |
| parent | fd5b5306a5d32ec0f42bb34c4bce1a0f346f9734 (diff) | |
| download | hqemu-db3005ed07aa8fa7b1adba40ba40f147266d17d9.zip hqemu-db3005ed07aa8fa7b1adba40ba40f147266d17d9.tar.gz | |
scsi: initialise info object with appropriate size
While processing controller 'CTRL_GET_INFO' command, the routine
'megasas_ctrl_get_info' overflows the '&info' object size. Use its
appropriate size to null initialise it.
Reported-by: Qinghao Tang <luodalongde@gmail.com>
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
Message-Id: <alpine.LFD.2.20.1512211501420.22471@wniryva>
Cc: qemu-stable@nongnu.org
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: P J P <ppandit@redhat.com>
Diffstat (limited to 'hw/scsi')
| -rw-r--r-- | hw/scsi/megasas.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/hw/scsi/megasas.c b/hw/scsi/megasas.c index d7dc667..576f56c 100644 --- a/hw/scsi/megasas.c +++ b/hw/scsi/megasas.c @@ -718,7 +718,7 @@ static int megasas_ctrl_get_info(MegasasState *s, MegasasCmd *cmd) BusChild *kid; int num_pd_disks = 0; - memset(&info, 0x0, cmd->iov_size); + memset(&info, 0x0, dcmd_size); if (cmd->iov_size < dcmd_size) { trace_megasas_dcmd_invalid_xfer_len(cmd->index, cmd->iov_size, dcmd_size); |
