[Qemu-devel] [PULL 32/48] ivshmem-client: check the number of vectors

qemu-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Qemu-devel] [PULL 32/48] ivshmem-client: check the number of vectors

From:	marcandre . lureau
Subject:	[Qemu-devel] [PULL 32/48] ivshmem-client: check the number of vectors
Date:	Tue, 6 Oct 2015 21:19:28 +0200

From: Marc-André Lureau <address@hidden>

Check the number of vectors received from the server, to avoid
out of bound array access.

Signed-off-by: Marc-André Lureau <address@hidden>
Reviewed-by: Claudio Fontana <address@hidden>
---
 contrib/ivshmem-client/ivshmem-client.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/contrib/ivshmem-client/ivshmem-client.c 
b/contrib/ivshmem-client/ivshmem-client.c
index 11c805c..a1198df 100644
--- a/contrib/ivshmem-client/ivshmem-client.c
+++ b/contrib/ivshmem-client/ivshmem-client.c
@@ -128,6 +128,11 @@ ivshmem_client_handle_server_msg(IvshmemClient *client)
     /* new vector */
     IVSHMEM_CLIENT_DEBUG(client, "  new vector %d (fd=%d) for peer id %ld\n",
                          peer->vectors_count, fd, peer->id);
+    if (peer->vectors_count >= G_N_ELEMENTS(peer->vectors)) {
+        IVSHMEM_CLIENT_DEBUG(client, "Too many vectors received, failing");
+        return -1;
+    }
+
     peer->vectors[peer->vectors_count] = fd;
     peer->vectors_count++;
 
-- 
2.4.3

[Prev in Thread]

Current Thread

[Next in Thread]

[Qemu-devel] [PULL 00/48] ivshmem series, marcandre . lureau, 2015/10/08
- [Qemu-devel] [PULL 12/48] ivshmem: simplify around increase_dynamic_storage(), marcandre . lureau, 2015/10/08
- [Qemu-devel] [PULL 39/48] qtest: add qtest_add_abrt_handler(), marcandre . lureau, 2015/10/08
- [Qemu-devel] [PULL 24/48] ivshmem: shmfd can be 0, marcandre . lureau, 2015/10/08
- [Qemu-devel] [PULL 45/48] ivshmem: remove EventfdEntry.vector, marcandre . lureau, 2015/10/08
- [Qemu-devel] [PULL 43/48] ivshmem: use qemu_strtosz(), marcandre . lureau, 2015/10/08
- [Qemu-devel] [PULL 19/48] ivshmem: print error on invalid peer id, marcandre . lureau, 2015/10/08
- [Qemu-devel] [PULL 34/48] ivshmem-server: fix hugetlbfs support, marcandre . lureau, 2015/10/08
- [Qemu-devel] [PULL 11/48] ivshmem: limit maximum number of peers to G_MAXUINT16, marcandre . lureau, 2015/10/08
- [Qemu-devel] [PULL 32/48] ivshmem-client: check the number of vectors, marcandre . lureau <=
- [Qemu-devel] [PULL 13/48] ivshmem: allocate eventfds in resize_peers(), marcandre . lureau, 2015/10/08
- [Qemu-devel] [PULL 05/48] ivshmem: factor out the incoming fifo handling, marcandre . lureau, 2015/10/08
- [Qemu-devel] [PULL 08/48] ivshmem: remove useless doorbell field, marcandre . lureau, 2015/10/08
- [Qemu-devel] [PULL 14/48] ivshmem: remove useless ivshmem_update_irq() val argument, marcandre . lureau, 2015/10/08
- [Qemu-devel] [PULL 28/48] ivshmem: replace 'guest' for 'peer' appropriately, marcandre . lureau, 2015/10/08
- [Qemu-devel] [PULL 33/48] ivshmem-server: use a uint16 for client ID, marcandre . lureau, 2015/10/08
- [Qemu-devel] [PULL 07/48] ivshmem: remove superflous ivshmem_attr field, marcandre . lureau, 2015/10/08
- [Qemu-devel] [PULL 17/48] ivshmem: improve debug messages, marcandre . lureau, 2015/10/08
- [Qemu-devel] [PULL 21/48] ivshmem: use common return, marcandre . lureau, 2015/10/08
- [Qemu-devel] [PULL 09/48] ivshmem: more qdev conversion, marcandre . lureau, 2015/10/08

Prev by Date: [Qemu-devel] [PULL 11/48] ivshmem: limit maximum number of peers to G_MAXUINT16
Next by Date: [Qemu-devel] [PATCH v6] target-tilegx: Support iret instruction and related special registers
Previous by thread: [Qemu-devel] [PULL 11/48] ivshmem: limit maximum number of peers to G_MAXUINT16
Next by thread: [Qemu-devel] [PULL 13/48] ivshmem: allocate eventfds in resize_peers()
Index(es):
- Date
- Thread