The logic for parsing the multiboot initrd modules was messed up in
commit
950c4e6c94b15cd0d8b63891dddd7a8dbf458e6a
Author: Daniel P. Berrangé <berrange@redhat.com>
Date: Mon Apr 16 12:17:43 2018 +0100
opts: don't silently truncate long option values
Causing the length to be undercounter, and the number of modules over
counted. It also passes NULL to get_opt_value() which was not robust
at accepting a NULL value.
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Message-Id: <
20180514171913.17664-2-berrange@redhat.com>
Reviewed-by: Eduardo Habkost <ehabkost@redhat.com>
Tested-by: Roman Kagan <rkagan@virtuozzo.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
cmdline_len += strlen(kernel_cmdline) + 1;
if (initrd_filename) {
const char *r = get_opt_value(initrd_filename, NULL);
- cmdline_len += strlen(r) + 1;
- mbs.mb_mods_avail = 1;
+ cmdline_len += strlen(initrd_filename) + 1;
while (1) {
mbs.mb_mods_avail++;
r = get_opt_value(r, NULL);
size_t capacity = 0, length;
const char *offset;
- *value = NULL;
+ if (value) {
+ *value = NULL;
+ }
while (1) {
offset = qemu_strchrnul(p, ',');
length = offset - p;