
[Qemu-devel] [PATCH 7/8] migration: fix unbounded stack for source_retur


From: Peter Xu
Subject: [Qemu-devel] [PATCH 7/8] migration: fix unbounded stack for source_return_path_thread
Date: Tue, 8 Mar 2016 15:00:45 +0800

Suggested-by: Paolo Bonzini <address@hidden>
CC: Juan Quintela <address@hidden>
CC: Amit Shah <address@hidden>
Signed-off-by: Peter Xu <address@hidden>
---
 migration/migration.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/migration/migration.c b/migration/migration.c
index 0129d9f..f1a3976 100644
--- a/migration/migration.c
+++ b/migration/migration.c
@@ -1265,11 +1265,11 @@ static void migrate_handle_rp_req_pages(MigrationState 
*ms, const char* rbname,
  */
 static void *source_return_path_thread(void *opaque)
 {
+#define __MAX_LEN (512)
     MigrationState *ms = opaque;
     QEMUFile *rp = ms->rp_state.from_dst_file;
     uint16_t header_len, header_type;
-    const int max_len = 512;
-    uint8_t buf[max_len];
+    uint8_t buf[__MAX_LEN];
     uint32_t tmp32, sibling_error;
     ram_addr_t start = 0; /* =0 to silence warning */
     size_t  len = 0, expected_len;
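Review bot: `__MAX_LEN` is a reserved identifier, since any name beginning with two underscores belongs to the implementation. Scoping it with a `#define` at the top of the body and an `#undef` after `return NULL;` in the third hunk is also fragile. A block-scope enum constant gives the same fixed-size array without the preprocessor: `enum { RP_MAX_LEN = 512 };` followed by `uint8_t buf[RP_MAX_LEN];`, with the comparison in the second hunk renamed to match. The body of source_return_path_thread continues outside this hunk.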
@@ -1292,7 +1292,7 @@ static void *source_return_path_thread(void *opaque)
 
         if ((rp_cmd_args[header_type].len != -1 &&
             header_len != rp_cmd_args[header_type].len) ||
-            header_len > max_len) {
+            header_len > __MAX_LEN) {
             error_report("RP: Received '%s' message (0x%04x) with"
                     "incorrect length %d expecting %zu",
                     rp_cmd_args[header_type].name, header_type, header_len,
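Review bot: The bound in `header_len > __MAX_LEN` appears to be what keeps a length taken from the return-path stream within `buf`, so it is safer written against the buffer itself: `header_len > sizeof(buf)) {`. With `buf` now a fixed-size array, `sizeof(buf)` is a compile-time constant and the check cannot drift if the array size is changed later. The read that fills `buf` is outside this hunk, so this assumes it uses `header_len` as its length. A short comment such as `/* header_len is supplied by the destination; never read more than buf holds */` would record why the check exists.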
@@ -1372,6 +1372,7 @@ out:
     ms->rp_state.from_dst_file = NULL;
     qemu_fclose(rp);
     return NULL;
+#undef __MAX_LEN
 }
 
 static int open_return_path_on_source(MigrationState *ms)
-- 
2.4.3



