From: Akihiko Odaki <[email protected]> qemu_smbios_type11_opts did not have the list terminator and that resulted in out-of-bound memory access. It also needs to have an element for the type option.
Cc: [email protected] Fixes: 2d6dcbf93fb0 ("smbios: support setting OEM strings table") Signed-off-by: Akihiko Odaki <[email protected]> Reviewed-by: Michael Tokarev <[email protected]> Message-Id: <[email protected]> Reviewed-by: Ani Sinha <[email protected]> Reviewed-by: Michael S. Tsirkin <[email protected]> Signed-off-by: Michael S. Tsirkin <[email protected]> --- hw/smbios/smbios.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/hw/smbios/smbios.c b/hw/smbios/smbios.c index c0c5a81e66..a9048c1342 100644 --- a/hw/smbios/smbios.c +++ b/hw/smbios/smbios.c @@ -375,6 +375,11 @@ static const QemuOptDesc qemu_smbios_type8_opts[] = { }; static const QemuOptDesc qemu_smbios_type11_opts[] = { + { + .name = "type", + .type = QEMU_OPT_NUMBER, + .help = "SMBIOS element type", + }, { .name = "value", .type = QEMU_OPT_STRING, @@ -385,6 +390,7 @@ static const QemuOptDesc qemu_smbios_type11_opts[] = { .type = QEMU_OPT_STRING, .help = "OEM string data from file", }, + { /* end of list */ } }; static const QemuOptDesc qemu_smbios_type17_opts[] = { -- MST
