[1/1] s390/ipl: fix off-by-one in update_machine_ipl_properties()

Commit Message

Halil Pasic March 20, 2020, 2:31 p.m. UTC

In update_machine_ipl_properties() the array ascii_loadparm needs to
hold the 8 char lodparm and a string terminating zero char.

Let's increase the size of ascii_loadparm accordingly.

Signed-off-by: Halil Pasic <pasic@linux.ibm.com>
Fixes: 0a01e082a4 ("s390/ipl: sync back loadparm")
Reported-by: Peter Maydell <peter.maydell@linaro.org>
---
 hw/s390x/ipl.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)


base-commit: 226cd20706e20264c176f8edbaf17d7c9b7ade4a

Comments

Cornelia Huck March 20, 2020, 5:25 p.m. UTC | #1

On Fri, 20 Mar 2020 15:31:01 +0100
Halil Pasic <pasic@linux.ibm.com> wrote:

> In update_machine_ipl_properties() the array ascii_loadparm needs to
> hold the 8 char lodparm and a string terminating zero char.

s/lodparm/loadparm/

> Let's increase the size of ascii_loadparm accordingly.
> 
> Signed-off-by: Halil Pasic <pasic@linux.ibm.com>
> Fixes: 0a01e082a4 ("s390/ipl: sync back loadparm")

Fixes: Coverity CID 1421966

> Reported-by: Peter Maydell <peter.maydell@linaro.org>
> ---
>  hw/s390x/ipl.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/hw/s390x/ipl.c b/hw/s390x/ipl.c
> index b81942e1e6..8c3e019571 100644
> --- a/hw/s390x/ipl.c
> +++ b/hw/s390x/ipl.c
> @@ -546,7 +546,7 @@ static void update_machine_ipl_properties(IplParameterBlock *iplb)
>      /* Sync loadparm */
>      if (iplb->flags & DIAG308_FLAGS_LP_VALID) {
>          uint8_t *ebcdic_loadparm = iplb->loadparm;
> -        char ascii_loadparm[8];
> +        char ascii_loadparm[9];
>          int i;
>  
>          for (i = 0; i < 8 && ebcdic_loadparm[i]; i++) {
> 
> base-commit: 226cd20706e20264c176f8edbaf17d7c9b7ade4a

Thanks, queued to s390-fixes.

Halil Pasic March 23, 2020, 4:13 p.m. UTC | #2

On Fri, 20 Mar 2020 18:25:18 +0100
Cornelia Huck <cohuck@redhat.com> wrote:

> On Fri, 20 Mar 2020 15:31:01 +0100
> Halil Pasic <pasic@linux.ibm.com> wrote:
> 
> > In update_machine_ipl_properties() the array ascii_loadparm needs to
> > hold the 8 char lodparm and a string terminating zero char.
> 
> s/lodparm/loadparm/
> 
> > Let's increase the size of ascii_loadparm accordingly.
> > 
> > Signed-off-by: Halil Pasic <pasic@linux.ibm.com>
> > Fixes: 0a01e082a4 ("s390/ipl: sync back loadparm")
> 
> Fixes: Coverity CID 1421966
> 
> > Reported-by: Peter Maydell <peter.maydell@linaro.org>
> > ---
> >  hw/s390x/ipl.c | 2 +-
> >  1 file changed, 1 insertion(+), 1 deletion(-)
> > 
> > diff --git a/hw/s390x/ipl.c b/hw/s390x/ipl.c
> > index b81942e1e6..8c3e019571 100644
> > --- a/hw/s390x/ipl.c
> > +++ b/hw/s390x/ipl.c
> > @@ -546,7 +546,7 @@ static void update_machine_ipl_properties(IplParameterBlock *iplb)
> >      /* Sync loadparm */
> >      if (iplb->flags & DIAG308_FLAGS_LP_VALID) {
> >          uint8_t *ebcdic_loadparm = iplb->loadparm;
> > -        char ascii_loadparm[8];
> > +        char ascii_loadparm[9];
> >          int i;
> >  
> >          for (i = 0; i < 8 && ebcdic_loadparm[i]; i++) {
> > 
> > base-commit: 226cd20706e20264c176f8edbaf17d7c9b7ade4a
> 
> Thanks, queued to s390-fixes.
> 

Thank you!

David Hildenbrand March 27, 2020, 9:15 a.m. UTC | #3

On 20.03.20 15:31, Halil Pasic wrote:
> In update_machine_ipl_properties() the array ascii_loadparm needs to
> hold the 8 char lodparm and a string terminating zero char.
> 
> Let's increase the size of ascii_loadparm accordingly.
> 
> Signed-off-by: Halil Pasic <pasic@linux.ibm.com>
> Fixes: 0a01e082a4 ("s390/ipl: sync back loadparm")
> Reported-by: Peter Maydell <peter.maydell@linaro.org>
> ---
>  hw/s390x/ipl.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/hw/s390x/ipl.c b/hw/s390x/ipl.c
> index b81942e1e6..8c3e019571 100644
> --- a/hw/s390x/ipl.c
> +++ b/hw/s390x/ipl.c
> @@ -546,7 +546,7 @@ static void update_machine_ipl_properties(IplParameterBlock *iplb)
>      /* Sync loadparm */
>      if (iplb->flags & DIAG308_FLAGS_LP_VALID) {
>          uint8_t *ebcdic_loadparm = iplb->loadparm;
> -        char ascii_loadparm[8];
> +        char ascii_loadparm[9];
>          int i;
>  
>          for (i = 0; i < 8 && ebcdic_loadparm[i]; i++) {
> 
> base-commit: 226cd20706e20264c176f8edbaf17d7c9b7ade4a
> 

Reviewed-by: David Hildenbrand <david@redhat.com>

Patch

diff --git a/hw/s390x/ipl.c b/hw/s390x/ipl.c
index b81942e1e6..8c3e019571 100644
--- a/hw/s390x/ipl.c
+++ b/hw/s390x/ipl.c
@@ -546,7 +546,7 @@  static void update_machine_ipl_properties(IplParameterBlock *iplb)
     /* Sync loadparm */
     if (iplb->flags & DIAG308_FLAGS_LP_VALID) {
         uint8_t *ebcdic_loadparm = iplb->loadparm;
-        char ascii_loadparm[8];
+        char ascii_loadparm[9];
         int i;
 
         for (i = 0; i < 8 && ebcdic_loadparm[i]; i++) {