summaryrefslogtreecommitdiff
path: root/contrib
diff options
context:
space:
mode:
authorMarc-André Lureau <marcandre.lureau@redhat.com>2015-06-23 16:41:58 +0200
committerMarc-André Lureau <marcandre.lureau@redhat.com>2015-10-24 18:03:16 +0200
commit95204aa951ceb28eb6d4ce43bce09a58cbad83d8 (patch)
tree676d10fcac8d65ba893b2e78088f7c57a72e5f0f /contrib
parenta75eb03b9fca3af291ec2c433ddda06121ae927d (diff)
downloadqemu-95204aa951ceb28eb6d4ce43bce09a58cbad83d8.tar.gz
qemu-95204aa951ceb28eb6d4ce43bce09a58cbad83d8.tar.bz2
qemu-95204aa951ceb28eb6d4ce43bce09a58cbad83d8.zip
ivshmem-client: check the number of vectors
Check the number of vectors received from the server, to avoid out of bound array access. Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: Claudio Fontana <claudio.fontana@huawei.com>
Diffstat (limited to 'contrib')
-rw-r--r--contrib/ivshmem-client/ivshmem-client.c5
1 files changed, 5 insertions, 0 deletions
diff --git a/contrib/ivshmem-client/ivshmem-client.c b/contrib/ivshmem-client/ivshmem-client.c
index fcc0930eb6..bfaf584ba7 100644
--- a/contrib/ivshmem-client/ivshmem-client.c
+++ b/contrib/ivshmem-client/ivshmem-client.c
@@ -128,6 +128,11 @@ ivshmem_client_handle_server_msg(IvshmemClient *client)
/* new vector */
IVSHMEM_CLIENT_DEBUG(client, " new vector %d (fd=%d) for peer id %ld\n",
peer->vectors_count, fd, peer->id);
+ if (peer->vectors_count >= G_N_ELEMENTS(peer->vectors)) {
+ IVSHMEM_CLIENT_DEBUG(client, "Too many vectors received, failing");
+ return -1;
+ }
+
peer->vectors[peer->vectors_count] = fd;
peer->vectors_count++;