ui: fix vc_chr_write call in text_console_do_init

[PATCH] ui: fix vc_chr_write call in text_console_do_init

Gerd Hoffmann posted 1 patch 3 years, 9 months ago

Download mbox

Test FreeBSD passed

Test docker-quick@centos7 passed

Test checkpatch passed

Test docker-mingw@fedora passed

Patches applied successfully (tree, apply log)
git fetch https://github.com/patchew-project/qemu tags/patchew/20200701181801.27935-1-kraxel@redhat.com

Maintainers: Gerd Hoffmann <kraxel@redhat.com>

ui/console.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)

Expand all Fold all

[PATCH] ui: fix vc_chr_write call in text_console_do_init

Posted by Gerd Hoffmann 3 years, 9 months ago

In case the string doesn't fit into the buffer snprintf returns the size
it would need, so len can be larger than the buffer.  Fix this by simply
using g_strdup_printf() instead of a static buffer.

Reported-by: Wenxiang Qian <leonwxqian@gmail.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
---
 ui/console.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/ui/console.c b/ui/console.c
index 865fa3263597..5ba0f21831cb 100644
--- a/ui/console.c
+++ b/ui/console.c
@@ -2184,12 +2184,12 @@ static void text_console_do_init(Chardev *chr, DisplayState *ds)
     text_console_resize(s);
 
     if (chr->label) {
-        char msg[128];
-        int len;
+        char *msg;
 
         s->t_attrib.bgcol = QEMU_COLOR_BLUE;
-        len = snprintf(msg, sizeof(msg), "%s console\r\n", chr->label);
-        vc_chr_write(chr, (uint8_t *)msg, len);
+        msg = g_strdup_printf("%s console\r\n", chr->label);
+        vc_chr_write(chr, (uint8_t *)msg, strlen(msg));
+        g_free(msg);
         s->t_attrib = s->t_attrib_default;
     }
 
-- 
2.18.4