ipmi:smbus: Add a check around a memcpy
In one case:

  memcpy(sid->inmsg + sid->inlen, buf, len);

if len == 0 then sid->inmsg + sid->inlen can point to one past the inmsg array if the array is full. We have to allow len == 0 due to some vagueness in the spec, but we don't have to call memcpy.

Found by Coverity. This is not a problem in practice, but the results are technically (maybe) undefined. So make Coverity happy.

Reported-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Corey Minyard <cminyard@mvista.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
parent cc42559ab1
commit 3fde641e72
@ -281,7 +281,9 @@ static int ipmi_write_data(SMBusDevice *dev, uint8_t *buf, uint8_t len)
|
||||
*/
|
||||
send = true;
|
||||
}
|
||||
memcpy(sid->inmsg + sid->inlen, buf, len);
|
||||
if (len > 0) {
|
||||
memcpy(sid->inmsg + sid->inlen, buf, len);
|
||||
}
|
||||
sid->inlen += len;
|
||||
break;
|
||||
}
|
||||
|
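Review bot: The new `if (len > 0)` guard around the memcpy in ipmi_write_data() carries no comment, so the reason for it (len == 0 has to be accepted, and sid->inmsg + sid->inlen can then be one past the end of a full inmsg array) is recorded only in the commit message. Suggest a short comment above the guard, for example `/* len == 0 is allowed; skip memcpy so a full inmsg never yields a one-past-the-end destination. */`. The guard covers only the zero-length case: the check that sid->inlen + len still fits in inmsg when len > 0 is not visible in these lines, so please confirm it sits earlier in this case branch.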