[PATCH 1/6] virPCIDeviceReadClass: Don't write beyond end of buffer from virFileReadAll

Peter Krempa via Devel posted 6 patches 6 days, 7 hours ago
From: Peter Krempa <pkrempa@redhat.com>

The returned class string from the kernel isn't guaranteed to be always
9 bytes, thus the write to the buffer could happen beyond the guaranteed
length.

Since 'virFileReadAll' already NUL-terminates the buffer just delete
the redundant overwrite.

This fixes an invalid write beyond the end of the buffer happening since
458c6a281001d51fd9796 where the returned buffer is shortened.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
---
 src/util/virpci.c | 1 -
 1 file changed, 1 deletion(-)

diff --git a/src/util/virpci.c b/src/util/virpci.c
index ca6f2e8210..2e32ed17ff 100644
--- a/src/util/virpci.c
+++ b/src/util/virpci.c
@@ -487,7 +487,6 @@ virPCIDeviceReadClass(virPCIDevice *dev, uint16_t *device_class)
     if (virFileReadAll(path, 9, &id_str) < 0)
         return -1;

-    id_str[8] = '\0';
     if (virStrToLong_ui(id_str, NULL, 16, &value) < 0) {
         virReportError(VIR_ERR_INTERNAL_ERROR,
                        _("Unusual value in %1$s/devices/%2$s/class: %3$s"),
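Review bot: The deleted id_str[8] = '\0'; did more than terminate the buffer. With the read limit of 9 passed to virFileReadAll(), a full-length read was cut to its first 8 bytes, so a ninth byte (for a sysfs attribute, typically the trailing newline) never reached virStrToLong_ui() or the %3$s in the error message below it. After this change that byte is passed through to both. Please confirm that virStrToLong_ui() called with a NULL end pointer accepts trailing whitespace, or strip it explicitly before parsing, and note the behaviour change in the commit message. A short comment next to the virFileReadAll() call stating that it NUL-terminates the buffer would also keep the manual terminator from being reintroduced later.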
-- 
2.53.0