diff mbox

[v4,32/47] ivshmem-client: check the number of vectors

Message ID 1443094669-4144-33-git-send-email-marcandre.lureau@redhat.com
State New
Headers show

Commit Message

Marc-André Lureau Sept. 24, 2015, 11:37 a.m. UTC 
From: Marc-André Lureau <marcandre.lureau@redhat.com>

Check the number of vectors received from the server, to avoid
out of bound array access.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
---
 contrib/ivshmem-client/ivshmem-client.c | 4 ++++
 1 file changed, 4 insertions(+)

Comments

Claudio Fontana Sept. 29, 2015, 1:47 p.m. UTC | #1 
On 24.09.2015 13:37, marcandre.lureau@redhat.com wrote:
> From: Marc-André Lureau <marcandre.lureau@redhat.com>
> 
> Check the number of vectors received from the server, to avoid
> out of bound array access.
> 
> Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
> ---
>  contrib/ivshmem-client/ivshmem-client.c | 4 ++++
>  1 file changed, 4 insertions(+)
> 
> diff --git a/contrib/ivshmem-client/ivshmem-client.c b/contrib/ivshmem-client/ivshmem-client.c
> index 11c805c..01e24a7 100644
> --- a/contrib/ivshmem-client/ivshmem-client.c
> +++ b/contrib/ivshmem-client/ivshmem-client.c
> @@ -128,6 +128,10 @@ ivshmem_client_handle_server_msg(IvshmemClient *client)
>      /* new vector */
>      IVSHMEM_CLIENT_DEBUG(client, "  new vector %d (fd=%d) for peer id %ld\n",
>                           peer->vectors_count, fd, peer->id);
> +    if (peer->vectors_count >= G_N_ELEMENTS(peer->vectors)) {
> +        return -1;
> +    }

Anything we want to print with IVSHMEM_CLIENT_DEBUG ?
The caller will only spew a "ivshmem_client_handle_server_msg() failed\n" in this case.

> +
>      peer->vectors[peer->vectors_count] = fd;
>      peer->vectors_count++;
>  
>
Marc-Andre Lureau Sept. 29, 2015, 2:01 p.m. UTC | #2 
----- Original Message -----
> On 24.09.2015 13:37, marcandre.lureau@redhat.com wrote:
> > From: Marc-André Lureau <marcandre.lureau@redhat.com>
> > 
> > Check the number of vectors received from the server, to avoid
> > out of bound array access.
> > 
> > Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
> > ---
> >  contrib/ivshmem-client/ivshmem-client.c | 4 ++++
> >  1 file changed, 4 insertions(+)
> > 
> > diff --git a/contrib/ivshmem-client/ivshmem-client.c
> > b/contrib/ivshmem-client/ivshmem-client.c
> > index 11c805c..01e24a7 100644
> > --- a/contrib/ivshmem-client/ivshmem-client.c
> > +++ b/contrib/ivshmem-client/ivshmem-client.c
> > @@ -128,6 +128,10 @@ ivshmem_client_handle_server_msg(IvshmemClient
> > *client)
> >      /* new vector */
> >      IVSHMEM_CLIENT_DEBUG(client, "  new vector %d (fd=%d) for peer id
> >      %ld\n",
> >                           peer->vectors_count, fd, peer->id);
> > +    if (peer->vectors_count >= G_N_ELEMENTS(peer->vectors)) {
> > +        return -1;
> > +    }
> 
> Anything we want to print with IVSHMEM_CLIENT_DEBUG ?
> The caller will only spew a "ivshmem_client_handle_server_msg() failed\n" in
> this case.

It could be deduced looking at the above new vector debug and the error, but better be more explicit: 
"Too many vector received, failing" ?

> 
> > +
> >      peer->vectors[peer->vectors_count] = fd;
> >      peer->vectors_count++;
> >  
> > 
> 
> 
>
diff mbox

Patch

diff --git a/contrib/ivshmem-client/ivshmem-client.c b/contrib/ivshmem-client/ivshmem-client.c
index 11c805c..01e24a7 100644
--- a/contrib/ivshmem-client/ivshmem-client.c
+++ b/contrib/ivshmem-client/ivshmem-client.c
@@ -128,6 +128,10 @@  ivshmem_client_handle_server_msg(IvshmemClient *client)
     /* new vector */
     IVSHMEM_CLIENT_DEBUG(client, "  new vector %d (fd=%d) for peer id %ld\n",
                          peer->vectors_count, fd, peer->id);
+    if (peer->vectors_count >= G_N_ELEMENTS(peer->vectors)) {
+        return -1;
+    }
+
     peer->vectors[peer->vectors_count] = fd;
     peer->vectors_count++;