From cfe638ef808c847164c0e70ce6b336b79be4debe Mon Sep 17 00:00:00 2001 From: Peter Krempa Date: Thu, 17 Oct 2024 09:47:07 +0200 Subject: [PATCH] virBitmapNewCopy: Honor sizes of either bitmap when doing memcpy() 'virBitmapNewCopy()' allocates a new bitmap with the same number of bits but uses the internal allocation length as argument for the memcpy() operation to copy the bits. Due to bugs in other code these may not be the same resulting into a buffer overflow if the source is over-allocated. Use the buffer length of the target bitmap instead. Signed-off-by: Peter Krempa Reviewed-by: Jiri Denemark
---
 src/util/virbitmap.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/util/virbitmap.c b/src/util/virbitmap.c
index b8d0352bb1..a1a8c5d126 100644
--- a/src/util/virbitmap.c
+++ b/src/util/virbitmap.c
@@ -582,7 +582,7 @@ virBitmapNewCopy(virBitmap *src)
 {
 virBitmap *dst = virBitmapNew(src->nbits);
- memcpy(dst->map, src->map, src->map_len * sizeof(src->map[0]));
+ memcpy(dst->map, src->map, dst->map_len * sizeof(src->map[0]));
 return dst;
 }
-- 2.47.2
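Review bot: The new memcpy() length `dst->map_len * sizeof(src->map[0])` bounds the write into `dst->map`, but the read from `src->map` is no longer limited by the source's own allocation. The commit message says other bugs can make `map_len` disagree with `nbits`; if that can also leave `src->map_len` smaller than `dst->map_len`, the copy reads past the end of the source buffer. The subject promises that the sizes of either bitmap are honored, so copying the smaller of the two would cover both directions: `memcpy(dst->map, src->map, MIN(dst->map_len, src->map_len) * sizeof(src->map[0]));`. Any words of `dst->map` left uncopied then depend on virBitmapNew() having zero-filled the map, which is not visible in this hunk and should be confirmed. A one-line comment above the call, such as `/* src->map_len may not match src->nbits; never copy more than either buffer holds */`, would keep the bound from being simplified away later.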