3
0
mirror of https://git.kernel.org/pub/scm/network/wireless/iwd.git synced 2024-11-25 17:59:25 +01:00

test-runner: Fix buffer overflow

The argv buffer allocated by alloca is only large enough to hold the
original argument list.  Additional arguments (such as --kernel) are
appended at the end, which results in the stack corruption.  Make sure
to allocate space for additional arguments.
This commit is contained in:
Denis Kenzior 2016-05-26 10:07:32 -05:00
parent f4becdff6a
commit d53873a254

View File

@ -284,7 +284,7 @@ static void start_qemu(void)
initcmd, cwd, verbose_out, test_dir_list, testargs, initcmd, cwd, verbose_out, test_dir_list, testargs,
getenv("PATH")); getenv("PATH"));
argv = alloca(sizeof(qemu_argv)); argv = alloca(sizeof(qemu_argv) + sizeof(char *) * 5);
memcpy(argv, qemu_argv, sizeof(qemu_argv)); memcpy(argv, qemu_argv, sizeof(qemu_argv));
pos = (sizeof(qemu_argv) / sizeof(char *)) - 1; pos = (sizeof(qemu_argv) / sizeof(char *)) - 1;