From nobody Thu Apr  2 17:11:21 2026
Delivered-To: importer@patchew.org
Received-SPF: pass (zohomail.com: domain of lists.libvirt.org designates
 8.43.85.245 as permitted sender) client-ip=8.43.85.245;
 envelope-from=devel-bounces@lists.libvirt.org; helo=lists.libvirt.org;
Authentication-Results: mx.zohomail.com;
	dkim=fail;
	spf=pass (zohomail.com: domain of lists.libvirt.org designates 8.43.85.245 as
 permitted sender)  smtp.mailfrom=devel-bounces@lists.libvirt.org;
	dmarc=pass(p=reject dis=none)  header.from=lists.libvirt.org
ARC-Seal: i=1; a=rsa-sha256; t=1774602852; cv=none;
	d=zohomail.com; s=zohoarc;
	b=e23Un50dd4iY2aFxxpNuyihZP0ckSbn1ILzzpTLr+s5ceGqN1bhpPdrbileJQa4SrtS09TMaAOEG9xBOArLnvUT8nOzooORGorJuzMnysjWgGek9HjeKCuS1TJh2Bg+kXL6G67lB0bYY9EGCTj6xWH/omPraELGAc14zJtJPJBo=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com;
 s=zohoarc;
	t=1774602852;
 h=Content-Type:Content-Transfer-Encoding:Date:Date:From:From:List-Subscribe:List-Post:List-Owner:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:Reply-To:Subject:Subject:To:To:Message-Id:Cc;
	bh=jpWLV4bACKVCNUp+A8SLnTRycg1v7SBC0etfkuyUjPs=;
	b=MCBclX6Fz8FMS449Pi0bLmXtsmp9VivIGEsAghx2c1uBFHImNhjh8zYsNc44fN1teP9GB2IKewHmy9fWNLObbZlrdr4bXZx5qsKh92iBmXNhKmhgcLiGSLYwjl4ZJFKHNvCnjdvs4jaWSinSKOwVeplXy4nkd9opoAMa0s0nn88=
ARC-Authentication-Results: i=1; mx.zohomail.com;
	dkim=fail;
	spf=pass (zohomail.com: domain of lists.libvirt.org designates 8.43.85.245 as
 permitted sender)  smtp.mailfrom=devel-bounces@lists.libvirt.org;
	dmarc=pass header.from=<devel@lists.libvirt.org> (p=reject dis=none)
Return-Path: <devel-bounces@lists.libvirt.org>
Received: from lists.libvirt.org (lists.libvirt.org [8.43.85.245]) by
 mx.zohomail.com
	with SMTPS id 177460285287993.9921244486876;
 Fri, 27 Mar 2026 02:14:12 -0700 (PDT)
Received: by lists.libvirt.org (Postfix, from userid 993)
	id D7BA83F83F; Fri, 27 Mar 2026 05:14:11 -0400 (EDT)
Received: from [172.19.199.12] (lists.libvirt.org [8.43.85.245])
	by lists.libvirt.org (Postfix) with ESMTP id A28BD3F96A;
	Fri, 27 Mar 2026 05:13:40 -0400 (EDT)
Received: by lists.libvirt.org (Postfix, from userid 993)
	id 668003F30F; Fri, 27 Mar 2026 05:13:36 -0400 (EDT)
Received: from us-smtp-delivery-124.mimecast.com
 (us-smtp-delivery-124.mimecast.com [170.10.133.124])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (3072 bits) server-digest
 SHA256)
	(No client certificate requested)
	by lists.libvirt.org (Postfix) with ESMTPS id A510F3F294
	for <devel@lists.libvirt.org>; Fri, 27 Mar 2026 05:13:35 -0400 (EDT)
Received: from mx-prod-mc-01.mail-002.prod.us-west-2.aws.redhat.com
 (ec2-54-186-198-63.us-west-2.compute.amazonaws.com [54.186.198.63]) by
 relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3,
 cipher=TLS_AES_256_GCM_SHA384) id us-mta-112-gVKE815NPmuw14V4hOs6Mg-1; Fri,
 27 Mar 2026 05:13:33 -0400
Received: from mx-prod-int-05.mail-002.prod.us-west-2.aws.redhat.com
 (mx-prod-int-05.mail-002.prod.us-west-2.aws.redhat.com [10.30.177.17])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest
 SHA256)
	(No client certificate requested)
	by mx-prod-mc-01.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS
 id D458319560A1
	for <devel@lists.libvirt.org>; Fri, 27 Mar 2026 09:13:32 +0000 (UTC)
Received: from moe (unknown [10.43.3.236])
	by mx-prod-int-05.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTP
 id 09D2E1955D71
	for <devel@lists.libvirt.org>; Fri, 27 Mar 2026 09:13:31 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 4.0.1 (2024-03-26) on lists.libvirt.org
X-Spam-Level: 
X-Spam-Status: No, score=-4.7 required=5.0 tests=BAYES_00,DKIM_INVALID,
	DKIM_SIGNED,HELO_MISC_IP,MAILING_LIST_MULTI,RCVD_IN_DNSWL_MED,
	RCVD_IN_VALIDITY_CERTIFIED_BLOCKED,RCVD_IN_VALIDITY_RPBL_BLOCKED,
	RCVD_IN_VALIDITY_SAFE_BLOCKED,SPF_PASS autolearn=unavailable
	autolearn_force=no version=4.0.1
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com;
	s=mimecast20190719; t=1774602815;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=jpWLV4bACKVCNUp+A8SLnTRycg1v7SBC0etfkuyUjPs=;
	b=MY69iIR1eXX3Jhc+URxIVRPgORlV4bzz6fplvz9pYS1ictgablER3HOURFrXfnNWO5Q0/e
	RqVDDRaOBGAiQEWhJwIDXQGSs9KeMPGbsn5HWztEFxSiTH4SnyBZ0a+rhm+ibft6Cfuw6B
	rwPOEDxM1VzwZ+pG7Fhl1PU3q37X+gg=
X-MC-Unique: gVKE815NPmuw14V4hOs6Mg-1
X-Mimecast-MFC-AGG-ID: gVKE815NPmuw14V4hOs6Mg_1774602813
To: devel@lists.libvirt.org
Subject: [PATCH] virpci: Stop writing out of bounds in virPCIDeviceReadClass()
Date: Fri, 27 Mar 2026 10:13:26 +0100
Message-ID: 
 <c63f09c6ed9196658c60679a4273488409010955.1774602806.git.mprivozn@redhat.com>
MIME-Version: 1.0
X-Scanned-By: MIMEDefang 3.0 on 10.30.177.17
X-Mimecast-Spam-Score: 0
X-Mimecast-MFC-PROC-ID: jAOjWytcKx9cIgDfO6A88t28OLQ_AKWDMZkn-X4wDxQ_1774602813
X-Mimecast-Originator: redhat.com
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Message-ID-Hash: VOPUWQFBHYACFGYZBC3UODOBZJEOQP5I
X-Message-ID-Hash: VOPUWQFBHYACFGYZBC3UODOBZJEOQP5I
X-MailFrom: mprivozn@redhat.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; loop;
 banned-address; header-match-devel.lists.libvirt.org-0; emergency;
 member-moderation; nonmember-moderation; administrivia; implicit-dest;
 max-recipients; max-size; news-moderation; no-subject; digests;
 suspicious-header
X-Mailman-Version: 3.3.10
Precedence: list
List-Id: Development discussions about the libvirt library & tools
 <devel.lists.libvirt.org>
Archived-At: 
 <https://lists.libvirt.org/archives/list/devel@lists.libvirt.org/message/VOPUWQFBHYACFGYZBC3UODOBZJEOQP5I/>
List-Archive: 
 <https://lists.libvirt.org/archives/list/devel@lists.libvirt.org/>
List-Help: <mailto:devel-request@lists.libvirt.org?subject=help>
List-Owner: <mailto:devel-owner@lists.libvirt.org>
List-Post: <mailto:devel@lists.libvirt.org>
List-Subscribe: <mailto:devel-join@lists.libvirt.org>
List-Unsubscribe: <mailto:devel-leave@lists.libvirt.org>
From: Michal Privoznik via Devel <devel@lists.libvirt.org>
Reply-To: Michal Privoznik <mprivozn@redhat.com>
X-ZohoMail-DKIM: fail (Header signature does not verify)
X-ZM-MESSAGEID: 1774602855397154100

From: Michal Privoznik <mprivozn@redhat.com>

Inside of virPCIDeviceReadClass() there's a call to
virFileReadAll(). This reads contents of given file into a buffer
(id_str). To make sure the buffer is NUL terminated string
there's then write of NUL byte at 9th position of the buffer.
Well, this is redundant as virFileReadAll() made sure the buffer
is properly terminated on success (transitively=C2=B8 via
saferead_lim()). But it is also wrong, because there's no
guarantee the file is more than 8 bytes long.

Just remove the NUL termination and rely on virFileReadAll() to
properly terminate the buffer.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
---
 src/util/virpci.c | 1 -
 1 file changed, 1 deletion(-)

diff --git a/src/util/virpci.c b/src/util/virpci.c
index ca6f2e8210..2e32ed17ff 100644
--- a/src/util/virpci.c
+++ b/src/util/virpci.c
@@ -487,7 +487,6 @@ virPCIDeviceReadClass(virPCIDevice *dev, uint16_t *devi=
ce_class)
     if (virFileReadAll(path, 9, &id_str) < 0)
         return -1;
=20
-    id_str[8] =3D '\0';
     if (virStrToLong_ui(id_str, NULL, 16, &value) < 0) {
         virReportError(VIR_ERR_INTERNAL_ERROR,
                        _("Unusual value in %1$s/devices/%2$s/class: %3$s"),
--=20
2.52.0