diff options
author | Gerd Hoffmann <kraxel@redhat.com> | 2020-07-01 20:18:01 +0200 |
---|---|---|
committer | Gerd Hoffmann <kraxel@redhat.com> | 2020-07-13 11:46:35 +0200 |
commit | 185951817dede3dfe4eb1c4c6d262607bee605ef (patch) | |
tree | a5512035068cf08c2f731c44a63cf1da29e1dbf8 | |
parent | 480324ec8d76582fa1c367cc9a0fdb653d4ea96e (diff) |
ui: fix vc_chr_write call in text_console_do_init
In case the string doesn't fit into the buffer snprintf returns the size
it would need, so len can be larger than the buffer. Fix this by simply
using g_strdup_printf() instead of a static buffer.
Reported-by: Wenxiang Qian <leonwxqian@gmail.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Message-id: 20200701181801.27935-1-kraxel@redhat.com
-rw-r--r-- | ui/console.c | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/ui/console.c b/ui/console.c index 08f75c9bf6..0579be792f 100644 --- a/ui/console.c +++ b/ui/console.c @@ -2184,12 +2184,12 @@ static void text_console_do_init(Chardev *chr, DisplayState *ds) text_console_resize(s); if (chr->label) { - char msg[128]; - int len; + char *msg; s->t_attrib.bgcol = QEMU_COLOR_BLUE; - len = snprintf(msg, sizeof(msg), "%s console\r\n", chr->label); - vc_chr_write(chr, (uint8_t *)msg, len); + msg = g_strdup_printf("%s console\r\n", chr->label); + vc_chr_write(chr, (uint8_t *)msg, strlen(msg)); + g_free(msg); s->t_attrib = s->t_attrib_default; } |