Message ID | 20170221024248.11027-2-eblake@redhat.com |
---|---|
State | New |
Headers | show |
On Tue, Feb 21, 2017 at 6:49 AM Eric Blake <eblake@redhat.com> wrote: > From: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com> > > Comparison symbol is misused. It may lead to memory corruption. > Introduced in commit 7d3123e. > > Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com> > Message-Id: <20170203154757.36140-6-vsementsov@virtuozzo.com> > [eblake: add CVE details] > Signed-off-by: Eric Blake <eblake@redhat.com> > Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> > --- > nbd/client.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/nbd/client.c b/nbd/client.c > index ffb0743..0d16cd1 100644 > --- a/nbd/client.c > +++ b/nbd/client.c > @@ -94,7 +94,7 @@ static ssize_t drop_sync(QIOChannel *ioc, size_t size) > char small[1024]; > char *buffer; > > - buffer = sizeof(small) < size ? small : g_malloc(MIN(65536, size)); > + buffer = sizeof(small) > size ? small : g_malloc(MIN(65536, size)); > while (size > 0) { > ssize_t count = read_sync(ioc, buffer, MIN(65536, size)); > > -- > 2.9.3 > > > -- Marc-André Lureau
diff --git a/nbd/client.c b/nbd/client.c index ffb0743..0d16cd1 100644 --- a/nbd/client.c +++ b/nbd/client.c @@ -94,7 +94,7 @@ static ssize_t drop_sync(QIOChannel *ioc, size_t size) char small[1024]; char *buffer; - buffer = sizeof(small) < size ? small : g_malloc(MIN(65536, size)); + buffer = sizeof(small) > size ? small : g_malloc(MIN(65536, size)); while (size > 0) { ssize_t count = read_sync(ioc, buffer, MIN(65536, size));