git.proxmox.com Git - qemu.git/commit

author	Asias He <asias@redhat.com>
	Fri, 13 Sep 2013 06:56:55 +0000 (14:56 +0800)
committer	Michael Roth <mdroth@linux.vnet.ibm.com>
	Fri, 4 Oct 2013 15:18:56 +0000 (10:18 -0500)
commit	fdcbe7d587a64dec0db0d3c9a3b230c39efbfeef
tree	5f4cf8b82bb1407a4cb628babae299eec882f56d	tree
parent	1b5f7709411a412ec8ce21004a47f51ab6c3f3ad	commit \| diff

scsi: Allocate SCSITargetReq r->buf dynamically

BZ: https://bugzilla.redhat.com/show_bug.cgi?id=1007330
Brew: https://brewweb.devel.redhat.com/taskinfo?taskID=6282465

This is the backport of the following commit. The patch is not
sent public since it is a embargoed bug.

   r->buf is hardcoded to 2056 which is (256 + 1) * 8, allowing 256 luns at
   most. If more than 256 luns are specified by user, we have buffer
   overflow in scsi_target_emulate_report_luns.

   To fix, we allocate the buffer dynamically.

Signed-off-by: Asias He <asias@redhat.com>
Signed-off-by: Asias He <asias@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
*s/&r->buf/r->buf/ due to type change

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>

hw/scsi/scsi-bus.c		diff \| blob \| blame \| history
include/hw/scsi/scsi.h		diff \| blob \| blame \| history