diff options
author | Avi Kivity <avi@redhat.com> | 2012-01-09 13:59:50 +0200 |
---|---|---|
committer | Avi Kivity <avi@redhat.com> | 2012-01-09 13:59:50 +0200 |
commit | 637f7a6a01e09bc39f7b3a24257a9cd6ea396ca0 (patch) | |
tree | dee4bbeb6cc64db9d622542587363ea84af23321 | |
parent | d743c382861eaa1e13f503b05aba5a382a7e7f7c (diff) | |
download | qemu-637f7a6a01e09bc39f7b3a24257a9cd6ea396ca0.tar.gz qemu-637f7a6a01e09bc39f7b3a24257a9cd6ea396ca0.tar.bz2 qemu-637f7a6a01e09bc39f7b3a24257a9cd6ea396ca0.zip |
vhost: fix mem_sections memory corruption
A memset() used to delete an entry in an array did not take into account
the array element's size.
Signed-off-by: Avi Kivity <avi@redhat.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
-rw-r--r-- | hw/vhost.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/hw/vhost.c b/hw/vhost.c index 541c7163b2..d924fb0e4d 100644 --- a/hw/vhost.c +++ b/hw/vhost.c @@ -456,7 +456,7 @@ static void vhost_region_del(MemoryListener *listener, == section->offset_within_address_space) { --dev->n_mem_sections; memmove(&dev->mem_sections[i], &dev->mem_sections[i+1], - dev->n_mem_sections - i); + (dev->n_mem_sections - i) * sizeof(*dev->mem_sections)); break; } } |