[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Qemu-devel] [PULL v2 33/50] ivshmem-client: check the number of vectors
From: |
marcandre . lureau |
Subject: |
[Qemu-devel] [PULL v2 33/50] ivshmem-client: check the number of vectors |
Date: |
Mon, 12 Oct 2015 18:41:27 +0200 |
From: Marc-André Lureau <address@hidden>
Check the number of vectors received from the server, to avoid
out of bound array access.
Signed-off-by: Marc-André Lureau <address@hidden>
Reviewed-by: Claudio Fontana <address@hidden>
---
contrib/ivshmem-client/ivshmem-client.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/contrib/ivshmem-client/ivshmem-client.c
b/contrib/ivshmem-client/ivshmem-client.c
index 11c805c..a1198df 100644
--- a/contrib/ivshmem-client/ivshmem-client.c
+++ b/contrib/ivshmem-client/ivshmem-client.c
@@ -128,6 +128,11 @@ ivshmem_client_handle_server_msg(IvshmemClient *client)
/* new vector */
IVSHMEM_CLIENT_DEBUG(client, " new vector %d (fd=%d) for peer id %ld\n",
peer->vectors_count, fd, peer->id);
+ if (peer->vectors_count >= G_N_ELEMENTS(peer->vectors)) {
+ IVSHMEM_CLIENT_DEBUG(client, "Too many vectors received, failing");
+ return -1;
+ }
+
peer->vectors[peer->vectors_count] = fd;
peer->vectors_count++;
--
2.4.3
- [Qemu-devel] [PULL v2 16/50] ivshmem: initialize max_peer to -1, (continued)
- [Qemu-devel] [PULL v2 16/50] ivshmem: initialize max_peer to -1, marcandre . lureau, 2015/10/12
- [Qemu-devel] [PULL v2 17/50] ivshmem: remove max_peer field, marcandre . lureau, 2015/10/12
- [Qemu-devel] [PULL v2 18/50] ivshmem: improve debug messages, marcandre . lureau, 2015/10/12
- [Qemu-devel] [PULL v2 20/50] ivshmem: print error on invalid peer id, marcandre . lureau, 2015/10/12
- [Qemu-devel] [PULL v2 21/50] ivshmem: simplify a bit the code, marcandre . lureau, 2015/10/12
- [Qemu-devel] [PULL v2 22/50] ivshmem: use common return, marcandre . lureau, 2015/10/12
- [Qemu-devel] [PULL v2 23/50] ivshmem: use common is_power_of_2(), marcandre . lureau, 2015/10/12
- [Qemu-devel] [PULL v2 26/50] ivshmem: check shm isn't already initialized, marcandre . lureau, 2015/10/12
- [Qemu-devel] [PULL v2 29/50] ivshmem: replace 'guest' for 'peer' appropriately, marcandre . lureau, 2015/10/12
- [Qemu-devel] [PULL v2 31/50] ivshmem: reset mask on device reset, marcandre . lureau, 2015/10/12
- [Qemu-devel] [PULL v2 33/50] ivshmem-client: check the number of vectors,
marcandre . lureau <=
- [Qemu-devel] [PULL v2 32/50] contrib: add ivshmem client and server, marcandre . lureau, 2015/10/12
- [Qemu-devel] [PULL v2 34/50] ivshmem-server: use a uint16 for client ID, marcandre . lureau, 2015/10/12
- [Qemu-devel] [PULL v2 37/50] ivshmem: add check on protocol version in QEMU, marcandre . lureau, 2015/10/12
- [Qemu-devel] [PULL v2 38/50] contrib: remove unnecessary strdup(), marcandre . lureau, 2015/10/12
- [Qemu-devel] [PULL v2 40/50] qtest: add qtest_add_abrt_handler(), marcandre . lureau, 2015/10/12
- [Qemu-devel] [PULL v2 41/50] glib-compat: add 2.38/2.40/2.46 asserts, marcandre . lureau, 2015/10/12
- [Qemu-devel] [PULL v2 42/50] tests: add ivshmem qtest, marcandre . lureau, 2015/10/12
- [Qemu-devel] [PULL v2 44/50] ivshmem: use qemu_strtosz(), marcandre . lureau, 2015/10/12
- [Qemu-devel] [PULL v2 47/50] ivshmem: rename MSI eventfd_table, marcandre . lureau, 2015/10/12
- [Qemu-devel] [PULL v2 48/50] ivshmem: use kvm irqfd for msi notifications, marcandre . lureau, 2015/10/12