[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Qemu-devel] [PATCH v5 32/48] ivshmem-client: check the number of vector
From: |
marcandre . lureau |
Subject: |
[Qemu-devel] [PATCH v5 32/48] ivshmem-client: check the number of vectors |
Date: |
Fri, 2 Oct 2015 21:09:35 +0200 |
From: Marc-André Lureau <address@hidden>
Check the number of vectors received from the server, to avoid
out of bound array access.
Signed-off-by: Marc-André Lureau <address@hidden>
---
contrib/ivshmem-client/ivshmem-client.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/contrib/ivshmem-client/ivshmem-client.c
b/contrib/ivshmem-client/ivshmem-client.c
index 11c805c..34a65b1 100644
--- a/contrib/ivshmem-client/ivshmem-client.c
+++ b/contrib/ivshmem-client/ivshmem-client.c
@@ -128,6 +128,11 @@ ivshmem_client_handle_server_msg(IvshmemClient *client)
/* new vector */
IVSHMEM_CLIENT_DEBUG(client, " new vector %d (fd=%d) for peer id %ld\n",
peer->vectors_count, fd, peer->id);
+ if (peer->vectors_count >= G_N_ELEMENTS(peer->vectors)) {
+ IVSHMEM_CLIENT_DEBUG(client, "Too many vector received, failing");
+ return -1;
+ }
+
peer->vectors[peer->vectors_count] = fd;
peer->vectors_count++;
--
2.4.3
- [Qemu-devel] [PATCH v5 45/48] ivshmem: remove EventfdEntry.vector, (continued)
- [Qemu-devel] [PATCH v5 45/48] ivshmem: remove EventfdEntry.vector, marcandre . lureau, 2015/10/08
- [Qemu-devel] [PATCH v5 48/48] ivshmem: use little-endian int64_t for the protocol, marcandre . lureau, 2015/10/08
- [Qemu-devel] [PATCH v5 04/48] ivshmem: fix number of bytes to push to fifo, marcandre . lureau, 2015/10/08
- [Qemu-devel] [PATCH v5 07/48] ivshmem: remove superflous ivshmem_attr field, marcandre . lureau, 2015/10/08
- [Qemu-devel] [PATCH v5 05/48] ivshmem: factor out the incoming fifo handling, marcandre . lureau, 2015/10/08
- [Qemu-devel] [PATCH v5 09/48] ivshmem: more qdev conversion, marcandre . lureau, 2015/10/08
- [Qemu-devel] [PATCH v5 10/48] ivshmem: remove last exit(1), marcandre . lureau, 2015/10/08
- [Qemu-devel] [PATCH v5 15/48] ivshmem: initialize max_peer to -1, marcandre . lureau, 2015/10/08
- [Qemu-devel] [PATCH v5 21/48] ivshmem: use common return, marcandre . lureau, 2015/10/08
- [Qemu-devel] [PATCH v5 44/48] ivshmem: add hostmem backend, marcandre . lureau, 2015/10/08
- [Qemu-devel] [PATCH v5 32/48] ivshmem-client: check the number of vectors,
marcandre . lureau <=
- [Qemu-devel] [PATCH v5 47/48] ivshmem: use kvm irqfd for msi notifications, marcandre . lureau, 2015/10/08
- [Qemu-devel] [PATCH v5 43/48] ivshmem: use qemu_strtosz(), marcandre . lureau, 2015/10/08