test-runner: Fix buffer overflow

The argv buffer allocated by alloca is only large enough to hold the
original argument list.  Additional arguments (such as --kernel) are
appended at the end, which results in stack corruption.  Make sure
to allocate space for additional arguments.
Denis Kenzior 2016-05-26 10:07:32 -05:00
parent f4becdff6a
commit d53873a254
1 changed files with 1 additions and 1 deletions


@ -284,7 +284,7 @@ static void start_qemu(void)
initcmd, cwd, verbose_out, test_dir_list, testargs,
getenv("PATH"));
argv = alloca(sizeof(qemu_argv));
argv = alloca(sizeof(qemu_argv) + sizeof(char *) * 5);
memcpy(argv, qemu_argv, sizeof(qemu_argv));
pos = (sizeof(qemu_argv) / sizeof(char *)) - 1;
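Review bot: The `5` added to the alloca() size is a bare constant that nothing ties to the number of entries start_qemu appends afterwards, so the same stack overwrite returns silently the next time an option is added to the list. Name the headroom and size the buffer from it, e.g. `#define QEMU_EXTRA_ARGS 5` and `argv = alloca(sizeof(qemu_argv) + sizeof(char *) * QEMU_EXTRA_ARGS);`, with a comment listing which appended arguments it accounts for. Because `pos` starts at the last slot of qemu_argv (presumably its NULL terminator), the new buffer appears to fit five appended entries plus the terminator, but the appending code lies outside the hunk, so that count should be checked against it. A guard before each append, such as comparing `pos` with the slot count, would turn a future miscount into a clean failure instead of memory corruption.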