[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

[libvirt] PATCH: Fix mem corruption after detaching Xen device



The XM driver's implementation of the 'detach device' command is causing
memory corruption, but passing the wrong size information to memmove()
by passing number of elements to move, instead of amount of memory to
move. This patch fixes it

Daniel

diff -rup libvirt-0.6.2.orig/src/xm_internal.c libvirt-0.6.2.new/src/xm_internal.c
--- libvirt-0.6.2.orig/src/xm_internal.c	2009-04-03 15:04:28.000000000 +0100
+++ libvirt-0.6.2.new/src/xm_internal.c	2009-04-23 10:53:10.000000000 +0100
@@ -2912,7 +2912,8 @@ xenXMDomainDetachDevice(virDomainPtr dom
                 if (i < (def->ndisks - 1))
                     memmove(def->disks + i,
                             def->disks + i + 1,
-                            def->ndisks - (i + 1));
+                            sizeof(*def->disks) *
+                            (def->ndisks - (i + 1)));
                 break;
             }
         }
@@ -2929,7 +2930,8 @@ xenXMDomainDetachDevice(virDomainPtr dom
                 if (i < (def->nnets - 1))
                     memmove(def->nets + i,
                             def->nets + i + 1,
-                            def->nnets - (i + 1));
+                            sizeof(*def->nets) *
+                            (def->nnets - (i + 1)));
                 break;
             }
         }


-- 
|: Red Hat, Engineering, London   -o-   http://people.redhat.com/berrange/ :|
|: http://libvirt.org  -o-  http://virt-manager.org  -o-  http://ovirt.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: GnuPG: 7D3B9505  -o-  F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]