
[2/3] vhost: fix mem_sections memory corruption

Message ID 1326110694-5196-3-git-send-email-avi@redhat.com
State New

Commit Message

Avi Kivity Jan. 9, 2012, 12:04 p.m. UTC
A memset() used to delete an entry in an array did not take into account
the array element's size.

Signed-off-by: Avi Kivity <avi@redhat.com>
---
 hw/vhost.c |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

Comments

Michael S. Tsirkin Jan. 9, 2012, 1:28 p.m. UTC | #1
On Mon, Jan 09, 2012 at 02:04:53PM +0200, Avi Kivity wrote:
> A memset() used to delete an entry in an array did not take into account
> the array element's size.
> 
> Signed-off-by: Avi Kivity <avi@redhat.com>

Acked-by: Michael S. Tsirkin <mst@redhat.com>

> ---
>  hw/vhost.c |    2 +-
>  1 files changed, 1 insertions(+), 1 deletions(-)
> 
> diff --git a/hw/vhost.c b/hw/vhost.c
> index 541c716..d924fb0 100644
> --- a/hw/vhost.c
> +++ b/hw/vhost.c
> @@ -456,7 +456,7 @@ static void vhost_region_del(MemoryListener *listener,
>              == section->offset_within_address_space) {
>              --dev->n_mem_sections;
>              memmove(&dev->mem_sections[i], &dev->mem_sections[i+1],
> -                    dev->n_mem_sections - i);
> +                    (dev->n_mem_sections - i) * sizeof(*dev->mem_sections));
>              break;
>          }
>      }
> -- 
> 1.7.7.1
>

Patch

diff --git a/hw/vhost.c b/hw/vhost.c
index 541c716..d924fb0 100644
--- a/hw/vhost.c
+++ b/hw/vhost.c
@@ -456,7 +456,7 @@  static void vhost_region_del(MemoryListener *listener,
             == section->offset_within_address_space) {
             --dev->n_mem_sections;
             memmove(&dev->mem_sections[i], &dev->mem_sections[i+1],
-                    dev->n_mem_sections - i);
+                    (dev->n_mem_sections - i) * sizeof(*dev->mem_sections));
             break;
         }
     }
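Review bot: The byte count in the new `memmove` is only correct because `--dev->n_mem_sections` runs on the line before it, which makes `n_mem_sections - i` the number of entries that follow slot `i`; nothing in the hunk says so, and swapping those two lines would read one element past the live entries. I would add a comment above the call, `/* n_mem_sections is already decremented: shift the entries after slot i down by one */`. The loop header and the declarations of `i` and `n_mem_sections` are outside the hunk, so it cannot be confirmed here that `i` is always below the old count; if both are signed, a negative difference would convert to a very large `size_t` length. The commit message says memset() while the call being fixed is memmove(), which is worth correcting before merge.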