[libvirt] [PATCH v3 python 2/2] don't overrun buffer when converting cpumap
Peter Krempa
pkrempa at redhat.com
Fri Nov 11 13:32:44 UTC 2016
On Thu, Nov 03, 2016 at 20:05:52 +0300, Konstantin Neumoin wrote:
> If we pass large(more than cpunum) cpu mask to any libvirt_virDomainPin*
> function, it could leads to crash. So we have to check tuple size in
> virPyCpumapConvert and ignore extra tuple members.
>
> Signed-off-by: Konstantin Neumoin <kneumoin at virtuozzo.com>
> ---
> libvirt-utils.c | 13 +++++++++----
> 1 file changed, 9 insertions(+), 4 deletions(-)
>
> diff --git a/libvirt-utils.c b/libvirt-utils.c
> index 09cc1c3..ac3606b 100644
> --- a/libvirt-utils.c
> +++ b/libvirt-utils.c
> @@ -623,7 +623,15 @@ virPyCpumapConvert(int cpunum,
> return -1;
> }
>
> - for (i = 0; i < tuple_size; i++) {
> + /* Not presented elements of the tuple will be filled by zeros.
> + * Only first "cpunum" elements make sense, so the rest
> + * of the bits from the tuple will be ignored. */
> + for (i = 0; i < cpunum; i++) {
> + if (i >= tuple_size) {
> + VIR_UNUSE_CPU(*cpumapptr, i);
You don't really need to UNUSE the cpus since the array was cleared when
allocated. I'll tweak it and push the patch in a while.
Thanks for fixing the bug.
Peter
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: Digital signature
URL: <http://listman.redhat.com/archives/libvir-list/attachments/20161111/ec845d27/attachment-0001.sig>
More information about the libvir-list
mailing list