author | Marc-André Lureau <marcandre.lureau@redhat.com> | 2015-06-23 16:41:58 +0200 |
---|---|---|
committer | Marc-André Lureau <marcandre.lureau@redhat.com> | 2015-10-24 18:03:16 +0200 |
commit | 95204aa951ceb28eb6d4ce43bce09a58cbad83d8 (patch) | |
tree | 676d10fcac8d65ba893b2e78088f7c57a72e5f0f /contrib | |
parent | a75eb03b9fca3af291ec2c433ddda06121ae927d (diff) | |
ivshmem-client: check the number of vectors
Check the number of vectors received from the server, to avoid
out of bound array access.
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Claudio Fontana <claudio.fontana@huawei.com>
Diffstat (limited to 'contrib')
-rw-r--r-- | contrib/ivshmem-client/ivshmem-client.c | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/contrib/ivshmem-client/ivshmem-client.c b/contrib/ivshmem-client/ivshmem-client.c
index fcc0930eb6..bfaf584ba7 100644
--- a/contrib/ivshmem-client/ivshmem-client.c
+++ b/contrib/ivshmem-client/ivshmem-client.c
@@ -128,6 +128,11 @@ ivshmem_client_handle_server_msg(IvshmemClient *client)
 /* new vector */
 IVSHMEM_CLIENT_DEBUG(client, " new vector %d (fd=%d) for peer id %ld\n", peer->vectors_count, fd, peer->id);
+ if (peer->vectors_count >= G_N_ELEMENTS(peer->vectors)) {
+ IVSHMEM_CLIENT_DEBUG(client, "Too many vectors received, failing");
+ return -1;
+ }
+
 peer->vectors[peer->vectors_count] = fd;
 peer->vectors_count++; |
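Review bot: The new rejection branch returns -1 without closing `fd`, which the debug line just above prints as the descriptor received for this vector. Unless the caller closes it (not visible in this hunk), every excess vector message from the server leaves one descriptor open in the client, so a misbehaving server could still use up the client's descriptor table even though the array write is now bounded. Adding `close(fd);` before `return -1;` would release it on this path. The new message also lacks the trailing newline that the preceding debug call has; it should read `"Too many vectors received, failing\n"`. The body of ivshmem_client_handle_server_msg starts and ends outside the hunk, so where `fd` comes from and how the -1 is handled should be confirmed there.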