Message ID | 1394648890-933-4-git-send-email-ehabkost@redhat.com |
---|---|
State | New |
Headers | show |
On 03/12/14 19:28, Eduardo Habkost wrote: > AcpiCpuHotplug_add() can't handle vCPU arch IDs larger than > ACPI_CPU_HOTPLUG_ID_LIMIT. Instead of corrupting memory in case the vCPU > ID is too large, use g_assert() to ensure we are not over the limit. > > Signed-off-by: Eduardo Habkost <ehabkost@redhat.com> > --- > hw/acpi/cpu_hotplug.c | 1 + > 1 file changed, 1 insertion(+) > > diff --git a/hw/acpi/cpu_hotplug.c b/hw/acpi/cpu_hotplug.c > index 48928dc..2ad83a0 100644 > --- a/hw/acpi/cpu_hotplug.c > +++ b/hw/acpi/cpu_hotplug.c > @@ -43,6 +43,7 @@ void AcpiCpuHotplug_add(ACPIGPE *gpe, AcpiCpuHotplug *g, CPUState *cpu) > > *gpe->sts = *gpe->sts | ACPI_CPU_HOTPLUG_STATUS; > cpu_id = k->get_arch_id(CPU(cpu)); > + g_assert((cpu_id / 8) < ACPI_GPE_PROC_LEN); > g->sts[cpu_id / 8] |= (1 << (cpu_id % 8)); > } > > Reviewed-by: Laszlo Ersek <lersek@redhat.com>
diff --git a/hw/acpi/cpu_hotplug.c b/hw/acpi/cpu_hotplug.c index 48928dc..2ad83a0 100644 --- a/hw/acpi/cpu_hotplug.c +++ b/hw/acpi/cpu_hotplug.c @@ -43,6 +43,7 @@ void AcpiCpuHotplug_add(ACPIGPE *gpe, AcpiCpuHotplug *g, CPUState *cpu) *gpe->sts = *gpe->sts | ACPI_CPU_HOTPLUG_STATUS; cpu_id = k->get_arch_id(CPU(cpu)); + g_assert((cpu_id / 8) < ACPI_GPE_PROC_LEN); g->sts[cpu_id / 8] |= (1 << (cpu_id % 8)); }
AcpiCpuHotplug_add() can't handle vCPU arch IDs larger than ACPI_CPU_HOTPLUG_ID_LIMIT. Instead of corrupting memory in case the vCPU ID is too large, use g_assert() to ensure we are not over the limit. Signed-off-by: Eduardo Habkost <ehabkost@redhat.com> --- hw/acpi/cpu_hotplug.c | 1 + 1 file changed, 1 insertion(+)