From: Halil Pasic <pasic@linux.ibm.com>
Date: Fri, 20 Mar 2020 14:31:01 +0000 (+0100)
Subject: s390/ipl: fix off-by-one in update_machine_ipl_properties()
X-Git-Tag: v5.0.0-rc0~6^2
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=7722837369eb1c7e808021d79da68afa0c01c26f;p=thirdparty%2Fqemu.git

s390/ipl: fix off-by-one in update_machine_ipl_properties()

In update_machine_ipl_properties() the array ascii_loadparm needs to
hold the 8 char loadparm and a string terminating zero char.

Let's increase the size of ascii_loadparm accordingly.

Signed-off-by: Halil Pasic <pasic@linux.ibm.com>
Fixes: 0a01e082a428 ("s390/ipl: sync back loadparm")
Fixes: Coverity CID 1421966
Reported-by: Peter Maydell <peter.maydell@linaro.org>
Message-Id: <20200320143101.41764-1-pasic@linux.ibm.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
---

diff --git a/hw/s390x/ipl.c b/hw/s390x/ipl.c
index b81942e1e6f..8c3e0195717 100644
--- a/hw/s390x/ipl.c
+++ b/hw/s390x/ipl.c
@@ -546,7 +546,7 @@ static void update_machine_ipl_properties(IplParameterBlock *iplb)
     /* Sync loadparm */
     if (iplb->flags & DIAG308_FLAGS_LP_VALID) {
         uint8_t *ebcdic_loadparm = iplb->loadparm;
-        char ascii_loadparm[8];
+        char ascii_loadparm[9];
         int i;
 
         for (i = 0; i < 8 && ebcdic_loadparm[i]; i++) {