Add a path length check to prevent heap overflow (Eric Milliken).

git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@3916 c046a42c-6fe2-441c-8c8c-71466251a162

Add a path length check to prevent heap overflow (Eric Milliken).
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@3916 c046a42c-6fe2-441c-8c8c-71466251a162
balrog
1 parent a78b03cb
Showing 1 changed file with 2 additions and 0 deletions
block-vmdk.c
@@ -341,6 +341,8 @@ static int vmdk_parent_open(BlockDriverState *bs, const char * filename)
         p_name += sizeof("parentFileNameHint") + 1;
         if ((end_name = strchr(p_name,'\"')) == 0)
             return -1;
+        if ((end_name - p_name) > sizeof (s->hd->backing_file) - 1)
+            return -1;
  
         strncpy(s->hd->backing_file, p_name, end_name - p_name);
         if (stat(s->hd->backing_file, &file_buf) != 0) {