author | Martin Radev <martin.b.radev@gmail.com> | 2022-05-20 21:35:43 +0100 |
---|---|---|
committer | Will Deacon <will@kernel.org> | 2022-05-20 21:35:43 +0100 |
commit | 3510a7f7b45fbb9205cfb721c756b385d66e2d9d (patch) | |
tree | b45bfdf5739b96cb2e9d91448d1c1e45439c40cb | |
parent | 06e1e6fe2e11a9b0d273e2d4e5b4f31e2f37a923 (diff) | |
download | kvmtool-3510a7f7b45fbb9205cfb721c756b385d66e2d9d.tar.gz |
virtio/9p: Fix virtio_9p_config allocation size
Per the Linux user API, the struct virtio_9p_config "tag" field contains
the non-NULL terminated tag name and this is how the tag name is
copied by kvmtool in virtio_9p__register(). However, the memory allocation
for the struct is off by one, as it allocates memory for the tag name and
the NULL byte. Fix it by reducing the allocation by exactly one byte.
This also matches how the struct is allocated by QEMU tagged v7.0.0 in
virtio_9p_get_config().
Suggested-by: Alexandru Elisei <alexandru.elisei@arm.com>
Signed-off-by: Martin Radev <martin.b.radev@gmail.com>
Link: https://lore.kernel.org/r/YnzhdgUwrLlqmzch@monolith.localdoman
Signed-off-by: Will Deacon <will@kernel.org>
-rw-r--r-- | virtio/9p.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/virtio/9p.c b/virtio/9p.c index b78f2b3f..ca83436a 100644 --- a/virtio/9p.c +++ b/virtio/9p.c @@ -1577,7 +1577,7 @@ int virtio_9p__register(struct kvm *kvm, const char *root, const char *tag_name) if (!tag_name) tag_name = VIRTIO_9P_DEFAULT_TAG; - p9dev->config = calloc(1, sizeof(*p9dev->config) + strlen(tag_name) + 1); + p9dev->config = calloc(1, sizeof(*p9dev->config) + strlen(tag_name)); if (p9dev->config == NULL) { err = -ENOMEM; goto free_p9dev; |
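Review bot: On the changed `calloc(1, sizeof(*p9dev->config) + strlen(tag_name))` line, the buffer now holds exactly `strlen(tag_name)` bytes for the tag with no slack, so the allocation is only safe if the copy later in virtio_9p__register() writes no terminator, and that copy is outside this hunk. Please confirm the copy is length-bounded to the same `strlen(tag_name)` and never a string copy that appends a NUL, since with this size that would be a one-byte heap overflow. It would also help to compute the length once into a local and use it for the allocation, the copy and the length field, so the three cannot drift apart, and to add a one-line comment here stating that the tag is deliberately not NUL-terminated.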