[Qemu-devel] [PULL 10/28] monitor: check return value of qemu_find_net

qemu-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Qemu-devel] [PULL 10/28] monitor: check return value of qemu_find_net_c

From:	Michael S. Tsirkin
Subject:	[Qemu-devel] [PULL 10/28] monitor: check return value of qemu_find_net_clients_except()
Date:	Mon, 11 May 2015 14:47:43 +0200

From: Jason Wang <address@hidden>

qemu_find_net_clients_except() may return a value which is greater
than the size of array we provided. So we should check this value
before using it, otherwise this may cause unexpected memory access.

This patch fixes the net related command completion when we have a
virtio-net nic with more than 255 queues.

Cc: Luiz Capitulino <address@hidden>
Signed-off-by: Jason Wang <address@hidden>
Reviewed-by: Michael S. Tsirkin <address@hidden>
Signed-off-by: Michael S. Tsirkin <address@hidden>
---
 monitor.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/monitor.c b/monitor.c
index 9d18b7f..c902412 100644
--- a/monitor.c
+++ b/monitor.c
@@ -4477,7 +4477,7 @@ void set_link_completion(ReadLineState *rs, int nb_args, 
const char *str)
         count = qemu_find_net_clients_except(NULL, ncs,
                                              NET_CLIENT_OPTIONS_KIND_NONE,
                                              MAX_QUEUE_NUM);
-        for (i = 0; i < count; i++) {
+        for (i = 0; i < MIN(count, MAX_QUEUE_NUM); i++) {
             const char *name = ncs[i]->name;
             if (!strncmp(str, name, len)) {
                 readline_add_completion(rs, name);
@@ -4502,7 +4502,7 @@ void netdev_del_completion(ReadLineState *rs, int 
nb_args, const char *str)
     readline_set_completion_index(rs, len);
     count = qemu_find_net_clients_except(NULL, ncs, 
NET_CLIENT_OPTIONS_KIND_NIC,
                                          MAX_QUEUE_NUM);
-    for (i = 0; i < count; i++) {
+    for (i = 0; i < MIN(count, MAX_QUEUE_NUM); i++) {
         QemuOpts *opts;
         const char *name = ncs[i]->name;
         if (strncmp(str, name, len)) {
@@ -4576,7 +4576,7 @@ void host_net_remove_completion(ReadLineState *rs, int 
nb_args, const char *str)
         count = qemu_find_net_clients_except(NULL, ncs,
                                              NET_CLIENT_OPTIONS_KIND_NONE,
                                              MAX_QUEUE_NUM);
-        for (i = 0; i < count; i++) {
+        for (i = 0; i < MIN(count, MAX_QUEUE_NUM); i++) {
             int id;
             char name[16];
 
@@ -4593,7 +4593,7 @@ void host_net_remove_completion(ReadLineState *rs, int 
nb_args, const char *str)
         count = qemu_find_net_clients_except(NULL, ncs,
                                              NET_CLIENT_OPTIONS_KIND_NIC,
                                              MAX_QUEUE_NUM);
-        for (i = 0; i < count; i++) {
+        for (i = 0; i < MIN(count, MAX_QUEUE_NUM); i++) {
             int id;
             const char *name;
 
-- 
MST

[Prev in Thread]

Current Thread

[Next in Thread]

[Qemu-devel] [PULL 00/28] pc, virtio enhancements, Michael S. Tsirkin, 2015/05/11
- [Qemu-devel] [PULL 01/28] acpi-build: close } in comment, Michael S. Tsirkin, 2015/05/11
- [Qemu-devel] [PULL 04/28] vhost-user: Send VHOST_RESET_OWNER on vhost stop, Michael S. Tsirkin, 2015/05/11
- [Qemu-devel] [PULL 03/28] hw/i386/acpi-build: move generic acpi building helpers into dedictated file, Michael S. Tsirkin, 2015/05/11
- [Qemu-devel] [PULL 02/28] hw/i386: Move ACPI header definitions in an arch-independent location, Michael S. Tsirkin, 2015/05/11
- [Qemu-devel] [PULL 05/28] virtio-net: fix the upper bound when trying to delete queues, Michael S. Tsirkin, 2015/05/11
- [Qemu-devel] [PULL 06/28] pc: add 2.4 machine types, Michael S. Tsirkin, 2015/05/11
- [Qemu-devel] [PULL 07/28] spapr: add machine type specific instance init function, Michael S. Tsirkin, 2015/05/11
- [Qemu-devel] [PULL 08/28] ppc: spapr: add 2.4 machine type, Michael S. Tsirkin, 2015/05/11
- [Qemu-devel] [PULL 09/28] monitor: replace the magic number 255 with MAX_QUEUE_NUM, Michael S. Tsirkin, 2015/05/11
- [Qemu-devel] [PULL 10/28] monitor: check return value of qemu_find_net_clients_except(), Michael S. Tsirkin <=
- [Qemu-devel] [PULL 11/28] virtio-ccw: using VIRTIO_NO_VECTOR instead of 0 for invalid virtqueue, Michael S. Tsirkin, 2015/05/11
- [Qemu-devel] [PULL 12/28] virtio: introduce vector to virtqueues mapping, Michael S. Tsirkin, 2015/05/11
- [Qemu-devel] [PULL 13/28] virtio-pci: speedup MSI-X masking and unmasking, Michael S. Tsirkin, 2015/05/11
- [Qemu-devel] [PULL 14/28] pci: remove hard-coded bar size in msix_init_exclusive_bar(), Michael S. Tsirkin, 2015/05/11
- [Qemu-devel] [PULL 16/28] docs: update documentation for memory hot unplug, Michael S. Tsirkin, 2015/05/11
- [Qemu-devel] [PULL 17/28] acpi, mem-hotplug: add acpi_memory_slot_status() to get MemStatus, Michael S. Tsirkin, 2015/05/11
- [Qemu-devel] [PULL 15/28] virtio: coding style tweak, Michael S. Tsirkin, 2015/05/11
- [Qemu-devel] [PULL 18/28] acpi, mem-hotplug: add unplug request cb for memory device, Michael S. Tsirkin, 2015/05/11
- [Qemu-devel] [PULL 19/28] acpi, mem-hotplug: add unplug cb for memory device, Michael S. Tsirkin, 2015/05/11
- [Qemu-devel] [PULL 21/28] acpi: fix "Memory device control fields" register, Michael S. Tsirkin, 2015/05/11

Prev by Date: [Qemu-devel] [PULL 09/28] monitor: replace the magic number 255 with MAX_QUEUE_NUM
Next by Date: [Qemu-devel] [PULL 11/28] virtio-ccw: using VIRTIO_NO_VECTOR instead of 0 for invalid virtqueue
Previous by thread: [Qemu-devel] [PULL 09/28] monitor: replace the magic number 255 with MAX_QUEUE_NUM
Next by thread: [Qemu-devel] [PULL 11/28] virtio-ccw: using VIRTIO_NO_VECTOR instead of 0 for invalid virtqueue
Index(es):
- Date
- Thread