From: Daniel P. Berrange Date: Tue, 24 Aug 2010 11:00:41 +0000 (+0100) Subject: Fix off-by-1 in QEMU boot arg array handling X-Git-Tag: v0.8.4~6 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=48ab20999feea2d389eac8e06519b4822f524ec2;p=thirdparty%2Flibvirt.git Fix off-by-1 in QEMU boot arg array handling A QEMU guest can have up to VIR_DOMAIN_BOOT_LAST boot entries defined. When building the QEMU arg, each entry takes a single byte. This means the array must be declared to be VIR_DOMAIN_BOOT_LAST+1 bytes in length to allow for the trailing null * src/qemu/qemu_conf.c: Fix off-by-1 boot arg array size --- diff --git a/src/qemu/qemu_conf.c b/src/qemu/qemu_conf.c index aa34d63ddb..7a37c70313 100644 --- a/src/qemu/qemu_conf.c +++ b/src/qemu/qemu_conf.c @@ -3662,7 +3662,7 @@ int qemudBuildCommandLine(virConnectPtr conn, { int i; char memory[50]; - char boot[VIR_DOMAIN_BOOT_LAST]; + char boot[VIR_DOMAIN_BOOT_LAST+1]; struct utsname ut; int disableKQEMU = 0; int enableKQEMU = 0;
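
Review bot: the `+1` in `char boot[VIR_DOMAIN_BOOT_LAST+1];` is unexplained at the declaration, and the reason for it (one byte per boot entry plus the trailing NUL) is recorded only in the commit message. A short comment on that line would keep a later edit from dropping it again. The code that fills `boot` is outside this hunk, so it is worth confirming that it caps the number of entries written at `VIR_DOMAIN_BOOT_LAST`, or better at `sizeof(boot) - 1`, and writes the terminator at the index that follows, so that the array size and the loop bound cannot drift apart.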