author | Dr. David Alan Gilbert <dgilbert@redhat.com> | 2015-05-21 13:24:11 +0100 |
committer | Juan Quintela <quintela@redhat.com> | 2015-06-12 06:54:01 +0200 |
commit | b3af1bc9d21e6bec7dfd283d91b465c9f815b6d6 (patch) | |
tree | 9028a74e25ff75501161298d9495d78bcd54b40b /migration | |
parent | 5cd8cadae8db905afcbf877cae568c27d1d55a8a (diff) |
Add qemu_get_counted_string to read a string prefixed by a count byte
and use it in loadvm_state and ram_load.
Wherever it's used, check the return value and error out if it failed.
Minor: ram_load was using a 257 byte array for its string, the
maximum length is 255 bytes + 0 terminator, so fix to 256
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Reviewed-by: Amit Shah <amit.shah@redhat.com>
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
Reviewed-by: Juan Quintela <quintela@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
Diffstat (limited to 'migration')
-rw-r--r-- | migration/qemu-file.c | 17 | ||||
-rw-r--r-- | migration/savevm.c | 11 |
2 files changed, 23 insertions, 5 deletions
diff --git a/migration/qemu-file.c b/migration/qemu-file.c
index 2750365a7e..0ef543a6df 100644
--- a/migration/qemu-file.c
+++ b/migration/qemu-file.c
@@ -585,3 +585,20 @@ int qemu_put_qemu_file(QEMUFile *f_des, QEMUFile *f_src)
     }
     return len;
 }
+
+/*
+ * Get a string whose length is determined by a single preceding byte
+ * A preallocated 256 byte buffer must be passed in.
+ * Returns: len on success and a 0 terminated string in the buffer
+ * else 0
+ * (Note a 0 length string will return 0 either way)
+ */
+size_t qemu_get_counted_string(QEMUFile *f, char buf[256])
+{
+    size_t len = qemu_get_byte(f);
+    size_t res = qemu_get_buffer(f, (uint8_t *)buf, len);
+
+    buf[res] = 0;
+
+    return res == len ? res : 0;
+}
diff --git a/migration/savevm.c b/migration/savevm.c
index 002f9b8948..2b0aa65cd7 100644
--- a/migration/savevm.c
+++ b/migration/savevm.c
@@ -973,8 +973,7 @@ int qemu_loadvm_state(QEMUFile *f)
     while ((section_type = qemu_get_byte(f)) != QEMU_VM_EOF) {
         uint32_t instance_id, version_id, section_id;
         SaveStateEntry *se;
-        char idstr[257];
-        int len;
+        char idstr[256];
 
         trace_qemu_loadvm_state_section(section_type);
         switch (section_type) {
@@ -982,9 +981,11 @@ int qemu_loadvm_state(QEMUFile *f)
         case QEMU_VM_SECTION_FULL:
            /* Read section start */
            section_id = qemu_get_be32(f);
-            len = qemu_get_byte(f);
-            qemu_get_buffer(f, (uint8_t *)idstr, len);
-            idstr[len] = 0;
+            if (!qemu_get_counted_string(f, idstr)) {
+                error_report("Unable to read ID string for section %u",
+                             section_id);
+                return -EINVAL;
+            }
             instance_id = qemu_get_be32(f);
             version_id = qemu_get_be32(f);
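Review bot: The return contract of qemu_get_counted_string in the qemu-file.c hunk folds two different outcomes into 0 — a short read (`res != len`) and a genuinely empty string (`len == 0`) — so the new caller in qemu_loadvm_state reports "Unable to read ID string" and returns -EINVAL for a section whose ID string was read correctly but happens to be empty. If an empty section ID is never legitimate on the wire, the header comment should state that rather than only noting the ambiguity, e.g. `* Callers treat a 0 return, including a correctly read empty string, as a malformed stream`; otherwise return the success flag and the length separately. A one-line why-comment on the terminator write would also help the next reader see it cannot overrun: `/* len <= 255 since it came from one byte and res <= len, so buf[res] is inside the 256-byte buffer */`. Note that the `char buf[256]` parameter declaration decays to `char *` and enforces nothing; a shared named constant used both here and for the `idstr[256]` declaration in savevm.c would keep the two sizes in step. The enclosing qemu_loadvm_state body in the savevm.c hunks starts and ends outside the visible hunk lines.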