vmdk: Fix vmdk_parse_extents

An extra 'p++' after while loop when *p == '\n' will move p to unknown data position, risking parsing junk data or memory access violation. Cc: qemu-stable@nongnu.org Signed-off-by: Fam Zheng <famz@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2013-10-11 19:48:29 +08:00 · 2013-10-11 19:48:29 +08:00 · 899f1ae219
parent b681072d20
commit 899f1ae219
1 changed files with 5 additions and 2 deletions
--- a/block/vmdk.c
+++ b/block/vmdk.c
@ -772,10 +772,13 @@ static int vmdk_parse_extents(const char *desc, BlockDriverState *bs,
        }
 next_line:
        /* move to next line */
-        while (*p && *p != '\n') {
+        while (*p) {
+            if (*p == '\n') {
+                p++;
+                break;
+            }
            p++;
        }
-        p++;
    }
    return 0;
 }