From: Peter Krempa <pkrempa@redhat.com> The returned class string from the kernel isn't guaranteed to be always 9 bytes, thus the write to the buffer could happen beyond the guaranteed length. Since 'virFileReadAll' already NUL-terminates the buffer just delete the redundant overwrite. This fixes an invalid write beyond the end of the buffer happening since 458c6a281001d51fd9796 where the returned buffer is shortened. Signed-off-by: Peter Krempa <pkrempa@redhat.com> --- src/util/virpci.c | 1 - 1 file changed, 1 deletion(-) diff --git a/src/util/virpci.c b/src/util/virpci.c index ca6f2e8210..2e32ed17ff 100644 --- a/src/util/virpci.c +++ b/src/util/virpci.c @@ -487,7 +487,6 @@ virPCIDeviceReadClass(virPCIDevice *dev, uint16_t *device_class) if (virFileReadAll(path, 9, &id_str) < 0) return -1; - id_str[8] = '\0'; if (virStrToLong_ui(id_str, NULL, 16, &value) < 0) { virReportError(VIR_ERR_INTERNAL_ERROR, _("Unusual value in %1$s/devices/%2$s/class: %3$s"), -- 2.53.0