vvfat: fix out of bounds array_get usage
When reading the address of the first free entry, you cannot use array_get without first marking all entries as occupied. This is visible if you change the sectors per cluster on a floppy from 2 to 1. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
This commit is contained in:
Paolo Bonzini
Kevin Wolf
parent
756f51e408
commit
2b6a43a835
@ -799,6 +799,7 @@ static int read_directory(BDRVVVFATState* s, int mapping_index)
|
||||
/* root directory */
|
||||
int cur = s->directory.next;
|
||||
array_ensure_allocated(&(s->directory), ROOT_ENTRIES - 1);
|
||||
s->directory.next = ROOT_ENTRIES;
|
||||
memset(array_get(&(s->directory), cur), 0,
|
||||
(ROOT_ENTRIES - cur) * sizeof(direntry_t));
|
||||
}
|
||||
|
||||
Loading…
Reference in New Issue
Block a user