[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Qemu-devel] [PULL v3 34/51] ivshmem-client: check the number of vectors
From: |
marcandre . lureau |
Subject: |
[Qemu-devel] [PULL v3 34/51] ivshmem-client: check the number of vectors |
Date: |
Tue, 13 Oct 2015 16:26:01 +0200 |
From: Marc-André Lureau <address@hidden>
Check the number of vectors received from the server, to avoid
out of bound array access.
Signed-off-by: Marc-André Lureau <address@hidden>
Reviewed-by: Claudio Fontana <address@hidden>
---
contrib/ivshmem-client/ivshmem-client.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/contrib/ivshmem-client/ivshmem-client.c
b/contrib/ivshmem-client/ivshmem-client.c
index fcc0930..bfaf584 100644
--- a/contrib/ivshmem-client/ivshmem-client.c
+++ b/contrib/ivshmem-client/ivshmem-client.c
@@ -128,6 +128,11 @@ ivshmem_client_handle_server_msg(IvshmemClient *client)
/* new vector */
IVSHMEM_CLIENT_DEBUG(client, " new vector %d (fd=%d) for peer id %ld\n",
peer->vectors_count, fd, peer->id);
+ if (peer->vectors_count >= G_N_ELEMENTS(peer->vectors)) {
+ IVSHMEM_CLIENT_DEBUG(client, "Too many vectors received, failing");
+ return -1;
+ }
+
peer->vectors[peer->vectors_count] = fd;
peer->vectors_count++;
--
2.4.3
- [Qemu-devel] [PULL v3 22/51] ivshmem: use common return, (continued)
- [Qemu-devel] [PULL v3 22/51] ivshmem: use common return, marcandre . lureau, 2015/10/13
- [Qemu-devel] [PULL v3 19/51] ivshmem: improve error handling, marcandre . lureau, 2015/10/13
- [Qemu-devel] [PULL v3 25/51] ivshmem: shmfd can be 0, marcandre . lureau, 2015/10/13
- [Qemu-devel] [PULL v3 20/51] ivshmem: print error on invalid peer id, marcandre . lureau, 2015/10/13
- [Qemu-devel] [PULL v3 26/51] ivshmem: check shm isn't already initialized, marcandre . lureau, 2015/10/13
- [Qemu-devel] [PULL v3 24/51] ivshmem: migrate with VMStateDescription, marcandre . lureau, 2015/10/13
- [Qemu-devel] [PULL v3 28/51] ivshmem: fix pci_ivshmem_exit(), marcandre . lureau, 2015/10/13
- [Qemu-devel] [PULL v3 31/51] ivshmem: reset mask on device reset, marcandre . lureau, 2015/10/13
- [Qemu-devel] [PULL v3 35/51] ivshmem-server: use a uint16 for client ID, marcandre . lureau, 2015/10/13
- [Qemu-devel] [PULL v3 29/51] ivshmem: replace 'guest' for 'peer' appropriately, marcandre . lureau, 2015/10/13
- [Qemu-devel] [PULL v3 34/51] ivshmem-client: check the number of vectors,
marcandre . lureau <=
- [Qemu-devel] [PULL v3 30/51] ivshmem: error on too many eventfd received, marcandre . lureau, 2015/10/13
- [Qemu-devel] [PULL v3 33/51] contrib: add ivshmem client and server, marcandre . lureau, 2015/10/13
- [Qemu-devel] [PULL v3 43/51] tests: add ivshmem qtest, marcandre . lureau, 2015/10/13
- [Qemu-devel] [PULL v3 44/51] ivshmem: do not keep shm_fd open, marcandre . lureau, 2015/10/13
- [Qemu-devel] [PULL v3 36/51] ivshmem-server: fix hugetlbfs support, marcandre . lureau, 2015/10/13
- [Qemu-devel] [PULL v3 37/51] docs: update ivshmem device spec, marcandre . lureau, 2015/10/13
- [Qemu-devel] [PULL v3 42/51] glib-compat: add 2.38/2.40/2.46 asserts, marcandre . lureau, 2015/10/13
- [Qemu-devel] [PULL v3 48/51] ivshmem: rename MSI eventfd_table, marcandre . lureau, 2015/10/13
- [Qemu-devel] [PULL v3 50/51] ivshmem: use little-endian int64_t for the protocol, marcandre . lureau, 2015/10/13
- [Qemu-devel] [PULL v3 47/51] ivshmem: remove EventfdEntry.vector, marcandre . lureau, 2015/10/13