Commit eba2af633fb8fa3b20ad578184d79e1f0eabcefe
1 parent
95ce326e
buffer overflow fix
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@932 c046a42c-6fe2-441c-8c8c-71466251a162
Showing
3 changed files
with
3 additions
and
3 deletions
block.c
| @@ -92,7 +92,7 @@ int bdrv_open(BlockDriverState *bs, const char *filename, int snapshot) | @@ -92,7 +92,7 @@ int bdrv_open(BlockDriverState *bs, const char *filename, int snapshot) | ||
| 92 | bs->fd = -1; | 92 | bs->fd = -1; |
| 93 | bs->cow_fd = -1; | 93 | bs->cow_fd = -1; |
| 94 | bs->cow_bitmap = NULL; | 94 | bs->cow_bitmap = NULL; |
| 95 | - strcpy(bs->filename, filename); | 95 | + pstrcpy(bs->filename, sizeof(bs->filename), filename); |
| 96 | 96 | ||
| 97 | /* open standard HD image */ | 97 | /* open standard HD image */ |
| 98 | #ifdef _WIN32 | 98 | #ifdef _WIN32 |
linux-user/elfload.c
| @@ -1067,7 +1067,7 @@ static int load_elf_binary(struct linux_binprm * bprm, struct target_pt_regs * r | @@ -1067,7 +1067,7 @@ static int load_elf_binary(struct linux_binprm * bprm, struct target_pt_regs * r | ||
| 1067 | char * passed_p; | 1067 | char * passed_p; |
| 1068 | 1068 | ||
| 1069 | if (interpreter_type == INTERPRETER_AOUT) { | 1069 | if (interpreter_type == INTERPRETER_AOUT) { |
| 1070 | - sprintf(passed_fileno, "%d", bprm->fd); | 1070 | + snprintf(passed_fileno, sizeof(passed_fileno), "%d", bprm->fd); |
| 1071 | passed_p = passed_fileno; | 1071 | passed_p = passed_fileno; |
| 1072 | 1072 | ||
| 1073 | if (elf_interpreter) { | 1073 | if (elf_interpreter) { |
target-i386/helper2.c
| @@ -212,7 +212,7 @@ void cpu_x86_dump_state(CPUX86State *env, FILE *f, int flags) | @@ -212,7 +212,7 @@ void cpu_x86_dump_state(CPUX86State *env, FILE *f, int flags) | ||
| 212 | 212 | ||
| 213 | if (flags & X86_DUMP_CCOP) { | 213 | if (flags & X86_DUMP_CCOP) { |
| 214 | if ((unsigned)env->cc_op < CC_OP_NB) | 214 | if ((unsigned)env->cc_op < CC_OP_NB) |
| 215 | - strcpy(cc_op_name, cc_op_str[env->cc_op]); | 215 | + snprintf(cc_op_name, sizeof(cc_op_name), "%s", cc_op_str[env->cc_op]); |
| 216 | else | 216 | else |
| 217 | snprintf(cc_op_name, sizeof(cc_op_name), "[%d]", env->cc_op); | 217 | snprintf(cc_op_name, sizeof(cc_op_name), "[%d]", env->cc_op); |
| 218 | fprintf(f, "CCS=%08x CCD=%08x CCO=%-8s\n", | 218 | fprintf(f, "CCS=%08x CCD=%08x CCO=%-8s\n", |