-rw-r--r--hw/usb-bus.c12
1 files changed, 7 insertions, 5 deletions
diff --git a/hw/usb-bus.c b/hw/usb-bus.c
index ac56fbcf0d..abc7e61a59 100644
--- a/hw/usb-bus.c
+++ b/hw/usb-bus.c
@@ -298,20 +298,22 @@ static char *usb_get_fw_dev_path(DeviceState *qdev)
{
USBDevice *dev = DO_UPCAST(USBDevice, qdev, qdev);
char *fw_path, *in;
- int pos = 0;
+ ssize_t pos = 0, fw_len;
long nr;
- fw_path = qemu_malloc(32 + strlen(dev->port->path) * 6);
+ fw_len = 32 + strlen(dev->port->path) * 6;
+ fw_path = qemu_malloc(fw_len);
in = dev->port->path;
- while (true) {
+ while (fw_len - pos > 0) {
nr = strtol(in, &in, 10);
if (in[0] == '.') {
/* some hub between root port and device */
- pos += sprintf(fw_path + pos, "hub@%ld/", nr);
+ pos += snprintf(fw_path + pos, fw_len - pos, "hub@%ld/", nr);
in++;
} else {
/* the device itself */
- pos += sprintf(fw_path + pos, "%s@%ld", qdev_fw_name(qdev), nr);
+ pos += snprintf(fw_path + pos, fw_len - pos, "%s@%ld",
+ qdev_fw_name(qdev), nr);
break;
}
}
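Review bot: Truncation is still silent in the new loop. snprintf() returns the length it would have written, so after `pos += snprintf(...)` the value of `pos` can exceed `fw_len`; the `while (fw_len - pos > 0)` test then ends the loop and a cut-off path is handed back as if it were complete (when this happens in the hub branch, without the device component at all). The 32-byte allowance has to hold `qdev_fw_name(qdev)` plus `@` and the number, and nothing visible in the hunk bounds that name, so sizing the buffer from it, e.g. `fw_len = 32 + strlen(qdev_fw_name(qdev)) + strlen(dev->port->path) * 6;`, would remove the likely cause. Checking each return value against the remaining space (`if (n < 0 || n >= fw_len - pos)`) before adding it to `pos` would make the overflow case explicit instead of relying on the loop condition. The end of usb_get_fw_dev_path() lies outside the hunk, so how the caller sees a truncated result cannot be judged from here.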