From nobody Mon Feb 9 13:48:20 2026 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org ARC-Seal: i=1; a=rsa-sha256; t=1609769684; cv=none; d=zohomail.com; s=zohoarc; b=ZI5C+HZgJiimtH/9LHS8w0m1VB9gi6M3jmJUNR0ndT84xuxWYXBU+jm9dfU4q6b3nw9Eo7OCeZM7ooq22E+eUmzK0Rkzl+gFw44oB1DxY357fDQTJF1JA/dZycghQj3KkAppbUhAAoHuAvIQxclGbZ3tl42wVRnGeKXb5IHkuAg= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1609769684; h=Content-Type:Content-Transfer-Encoding:Cc:Date:From:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Sender:Subject:To; bh=4XaOwA7abEwGlD3tvHPzDd6tuX/cyQ6Xh9Rb+XSyxlU=; b=k4wZUgCWKGHGvrTJkStO48LbV1daJVxOPqzNxDnOn3hiKz1qZ726R2V4Idj0Ud7jH9EyObbDiAxn4qO+DM3F8RpE+ySrxjKrbEglg8u/cbZYR0a5Az7xEULdQqGvTT9zBdRqtopE2gLfnZCH/zSAs3e1hA1BV0fhMZI8/cG7aRQ= ARC-Authentication-Results: i=1; mx.zohomail.com; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1609769684569582.7840742222488; Mon, 4 Jan 2021 06:14:44 -0800 (PST) Received: from localhost ([::1]:55072 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1kwQd8-000054-0b for importer@patchew.org; Mon, 04 Jan 2021 09:14:42 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]:40786) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1kwQbs-00083B-Ag; Mon, 04 Jan 2021 09:13:24 -0500 Received: from szxga05-in.huawei.com ([45.249.212.191]:3018) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1kwQbm-0002nW-4I; Mon, 04 Jan 2021 09:13:23 -0500 Received: from DGGEMS413-HUB.china.huawei.com (unknown [172.30.72.60]) by szxga05-in.huawei.com (SkyGuard) with ESMTP id 4D8cyB06pCzj2YQ; Mon, 4 Jan 2021 22:12:02 +0800 (CST) Received: from huawei.com (10.175.104.175) by DGGEMS413-HUB.china.huawei.com (10.3.19.213) with Microsoft SMTP Server id 14.3.498.0; Mon, 4 Jan 2021 22:12:45 +0800 From: Gan Qixin To: , Subject: [PATCH] qtest/libqtest.c: fix heap-buffer-overflow in qtest_cb_for_every_machine() Date: Mon, 4 Jan 2021 22:10:25 +0800 Message-ID: <20210104141025.496193-1-ganqixin@huawei.com> X-Mailer: git-send-email 2.27.0 MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-Originating-IP: [10.175.104.175] X-CFilter-Loop: Reflected Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=45.249.212.191; envelope-from=ganqixin@huawei.com; helo=szxga05-in.huawei.com X-Spam_score_int: -41 X-Spam_score: -4.2 X-Spam_bar: ---- X-Spam_report: (-4.2 / 5.0 requ) BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Laurent Vivier , Thomas Huth , zhang.zhanghailiang@huawei.com, Gan Qixin , Euler Robot , kuhn.chenqun@huawei.com Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: "Qemu-devel" Content-Type: text/plain; charset="utf-8" When the length of mname is less than 5, memcpy ("xenfv", mname, 5) will ca= use heap buffer overflow. Therefore, use strcmp to avoid this problem. The asan showed stack: ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60200000f2f4 at pc 0x7f65d8cc2225 bp 0x7ffe93cc5a60 sp 0x7ffe93cc5208 READ of size 5 at 0x60200000f2f4 thread T0 #0 0x7f65d8cc2224 in memcmp (/lib64/libasan.so.5+0xdf224) #1 0x5632c20be95b in qtest_cb_for_every_machine tests/qtest/libqtest.c:= 1282 #2 0x5632c20b7995 in main tests/qtest/test-hmp.c:160 #3 0x7f65d88fed42 in __libc_start_main (/lib64/libc.so.6+0x26d42) #4 0x5632c20b72cd in _start (build/tests/qtest/test-hmp+0x542cd) Reported-by: Euler Robot Signed-off-by: Gan Qixin --- Cc: Thomas Huth Cc: Laurent Vivier --- tests/qtest/libqtest.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/qtest/libqtest.c b/tests/qtest/libqtest.c index e49f3a1e45..e8179a3509 100644 --- a/tests/qtest/libqtest.c +++ b/tests/qtest/libqtest.c @@ -1281,7 +1281,7 @@ void qtest_cb_for_every_machine(void (*cb)(const char= *machine), g_assert(qstr); mname =3D qstring_get_str(qstr); /* Ignore machines that cannot be used for qtests */ - if (!memcmp("xenfv", mname, 5) || g_str_equal("xenpv", mname)) { + if (!strcmp("xenfv", mname) || g_str_equal("xenpv", mname)) { continue; } if (!skip_old_versioned || !qtest_is_old_versioned_machine(mname))= { --=20 2.23.0