From patchwork Fri Jan 15 16:04:20 2016
X-Patchwork-Submitter: Paolo Bonzini
X-Patchwork-Id: 8042901
From: Paolo Bonzini
To: qemu-devel@nongnu.org
Date: Fri, 15 Jan 2016 17:04:20 +0100
Message-Id: <1452873871-138914-6-git-send-email-pbonzini@redhat.com>
In-Reply-To: <1452873871-138914-1-git-send-email-pbonzini@redhat.com>
Cc: qemu-stable@nongnu.org, Prasad J Pandit, P J P
Subject: [Qemu-devel] [PULL 04/15] scsi: initialise info object with appropriate size

From: P J P

While processing controller 'CTRL_GET_INFO' command, the routine
'megasas_ctrl_get_info' overflows the '&info' object size.
Use its appropriate size to null initialise it.

Reported-by: Qinghao Tang
Signed-off-by: Prasad J Pandit
Message-Id:
Cc: qemu-stable@nongnu.org
Signed-off-by: Paolo Bonzini
--- hw/scsi/megasas.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hw/scsi/megasas.c b/hw/scsi/megasas.c index d7dc667..576f56c 100644 --- a/hw/scsi/megasas.c +++ b/hw/scsi/megasas.c @@ -718,7 +718,7 @@ static int megasas_ctrl_get_info(MegasasState *s, MegasasCmd *cmd) BusChild *kid; int num_pd_disks = 0; - memset(&info, 0x0, cmd->iov_size); + memset(&info, 0x0, dcmd_size); if (cmd->iov_size < dcmd_size) { trace_megasas_dcmd_invalid_xfer_len(cmd->index, cmd->iov_size, dcmd_size);
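Review bot: In the replaced memset line of megasas_ctrl_get_info, the new length dcmd_size is defined outside the hunk's context, so the patch alone does not show that it equals the size of info; writing `memset(&info, 0x0, sizeof(info));` would tie the bound to the object being cleared and keep it correct if dcmd_size is ever computed differently. The check that follows only rejects cmd->iov_size < dcmd_size, so a cmd->iov_size larger than dcmd_size still proceeds past it. The commit message would be clearer if it said that this larger-than-expected case is the one that overflowed, and the rest of the function (not visible here) is worth checking for any other use of cmd->iov_size as a length against info. The memset also now runs before the length check, so it executes on the error path as well; moving it below the check would avoid that, though it is harmless as written.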