From d53873a2549c570645f9cb3f7ab38c233c5c5bc6 Mon Sep 17 00:00:00 2001
From: Denis Kenzior
Date: Thu, 26 May 2016 10:07:32 -0500
Subject: [PATCH] test-runner: Fix buffer overflow

The argv buffer allocated by alloca is only large enough to hold the original argument list. Additional arguments (such as --kernel) are appended at the end, which results in the stack corruption. Make sure to allocate space for additional arguments.
---
 tools/test-runner.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tools/test-runner.c b/tools/test-runner.c
index c65bd8ce..dffa05e6 100644
--- a/tools/test-runner.c
+++ b/tools/test-runner.c
@@ -284,7 +284,7 @@ static void start_qemu(void)
 initcmd, cwd, verbose_out, test_dir_list, testargs,
 getenv("PATH"));

-argv = alloca(sizeof(qemu_argv));
+argv = alloca(sizeof(qemu_argv) + sizeof(char *) * 5);
 memcpy(argv, qemu_argv, sizeof(qemu_argv));

 pos = (sizeof(qemu_argv) / sizeof(char *)) - 1;
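Review bot: The extra capacity on the new `alloca` line is a bare `5` with no link to the code in start_qemu that appends `--kernel` and the other extra arguments (that code is outside this hunk), so the next option someone adds can silently reintroduce the exact stack overflow this commit fixes. I'd name the limit once, e.g. `#define QEMU_EXTRA_ARGS 5`, size the buffer with `alloca(sizeof(qemu_argv) + sizeof(char *) * QEMU_EXTRA_ARGS)`, and have each append site bail out if `pos >= sizeof(qemu_argv) / sizeof(char *) + QEMU_EXTRA_ARGS` before writing `argv[pos]`. Since `pos` starts at the index of the original terminator on the following line, the slot for the re-written trailing NULL presumably has to be counted inside that 5 as well; confirm against the append code. start_qemu's body begins and ends outside the hunk.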