[Qemu-devel] [PATCH 19/24] hbitmap: add assertion on hbitmap_iter_init
From: Kevin Wolf
Subject: [Qemu-devel] [PATCH 19/24] hbitmap: add assertion on hbitmap_iter_init
Date: Fri, 25 Jan 2013 19:45:55 +0100
From: Paolo Bonzini <address@hidden>
hbitmap_iter_init causes an out-of-bounds access when the "first"
argument is greater than or equal to the size of the bitmap.
Forbid this with an assertion, and remove the failing testcase.
Reported-by: Kevin Wolf <address@hidden>
Signed-off-by: Paolo Bonzini <address@hidden>
Reviewed-by: Eric Blake <address@hidden>
Reviewed-by: Laszlo Ersek <address@hidden>
Signed-off-by: Kevin Wolf <address@hidden>
---
include/qemu/hbitmap.h | 3 ++-
tests/test-hbitmap.c | 13 +++----------
util/hbitmap.c | 1 +
3 files changed, 6 insertions(+), 11 deletions(-)
diff --git a/include/qemu/hbitmap.h b/include/qemu/hbitmap.h
index 7ddfb66..73f5d1d 100644
--- a/include/qemu/hbitmap.h
+++ b/include/qemu/hbitmap.h
@@ -128,7 +128,8 @@ void hbitmap_free(HBitmap *hb);
* hbitmap_iter_init:
* @hbi: HBitmapIter to initialize.
* @hb: HBitmap to iterate on.
- * @first: First bit to visit (0-based).
+ * @first: First bit to visit (0-based, must be strictly less than the
+ * size of the bitmap).
*
* Set up @hbi to iterate on the HBitmap @hb. hbitmap_iter_next will return
* the lowest-numbered bit that is set in @hb, starting at @first.
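Review bot: the new @first wording says "strictly less than the size of the bitmap" but does not say what happens when a caller violates it, and it leaves the zero-size case implicit. Since util/hbitmap.c enforces the bound with assert(pos < hb->size) on pos = first >> hb->granularity, the comment should state that an out-of-range @first aborts, that the limit is checked after the granularity shift, and that the function therefore cannot be called at all on an empty bitmap.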
diff --git a/tests/test-hbitmap.c b/tests/test-hbitmap.c
index fcc6a00..8c902f2 100644
--- a/tests/test-hbitmap.c
+++ b/tests/test-hbitmap.c
@@ -86,7 +86,9 @@ static void hbitmap_test_init(TestHBitmapData *data,
data->bits = g_new0(unsigned long, n);
data->size = size;
data->granularity = granularity;
- hbitmap_test_check(data, 0);
+ if (size) {
+ hbitmap_test_check(data, 0);
+ }
}
static void hbitmap_test_teardown(TestHBitmapData *data,
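Review bot: the if (size) guard around hbitmap_test_check(data, 0) carries no comment, so it reads as if the empty-bitmap case were simply being skipped. If the reason is the new precondition on hbitmap_iter_init (first must be strictly less than the size, so no valid start position exists when size is 0), say so in a one-line comment; otherwise a later cleanup may drop the guard and trip the assertion.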
@@ -198,14 +200,6 @@ static void test_hbitmap_iter_partial(TestHBitmapData
*data,
hbitmap_test_check(data, L3 / 2);
}
-static void test_hbitmap_iter_past(TestHBitmapData *data,
- const void *unused)
-{
- hbitmap_test_init(data, L3, 0);
- hbitmap_test_set(data, 0, L3);
- hbitmap_test_check(data, L3);
-}
-
static void test_hbitmap_set_all(TestHBitmapData *data,
const void *unused)
{
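Review bot: deleting test_hbitmap_iter_past leaves the upper boundary of @first without a test here; the nearest remaining case visible in this hunk starts at L3 / 2. Consider replacing the removed test with one that starts iteration at the last valid bit (L3 - 1), so that an off-by-one in the new bound is caught.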
@@ -388,7 +382,6 @@ int main(int argc, char **argv)
hbitmap_test_add("/hbitmap/size/0", test_hbitmap_zero);
hbitmap_test_add("/hbitmap/size/unaligned", test_hbitmap_unaligned);
hbitmap_test_add("/hbitmap/iter/empty", test_hbitmap_iter_empty);
- hbitmap_test_add("/hbitmap/iter/past", test_hbitmap_iter_past);
hbitmap_test_add("/hbitmap/iter/partial", test_hbitmap_iter_partial);
hbitmap_test_add("/hbitmap/iter/granularity",
test_hbitmap_iter_granularity);
hbitmap_test_add("/hbitmap/get/all", test_hbitmap_get_all);
diff --git a/util/hbitmap.c b/util/hbitmap.c
index fb7e01e..2aa487d 100644
--- a/util/hbitmap.c
+++ b/util/hbitmap.c
@@ -147,6 +147,7 @@ void hbitmap_iter_init(HBitmapIter *hbi, const HBitmap *hb,
uint64_t first)
hbi->hb = hb;
pos = first >> hb->granularity;
+ assert(pos < hb->size);
hbi->pos = pos >> BITS_PER_LEVEL;
hbi->granularity = hb->granularity;
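Review bot: assert(pos < hb->size) only guards the out-of-bounds access in builds where assertions are enabled; with NDEBUG defined it compiles away and the access described in the commit message is back. If any caller can derive first from a value it does not fully control, that caller needs its own range check, and it is worth confirming that every existing caller already guarantees the bound, since a violation now aborts the process.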
--
1.7.6.5