[Qemu-devel] [PULL 19/24] ivshmem-server: fix possible OVERRUN
From: Michael Tokarev
Subject: [Qemu-devel] [PULL 19/24] ivshmem-server: fix possible OVERRUN
Date: Fri, 6 Nov 2015 15:43:56 +0300
From: Gonglei <address@hidden>
>>> CID 1337991: Memory - illegal accesses (OVERRUN)
>>> Decrementing "i". The value of "i" is now 65534.
218 while (i--) {
219 event_notifier_cleanup(&peer->vectors[i]);
220 }
Signed-off-by: Gonglei <address@hidden>
Reviewed-by: Marc-André Lureau <address@hidden>
Signed-off-by: Michael Tokarev <address@hidden>
---
contrib/ivshmem-server/ivshmem-server.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/contrib/ivshmem-server/ivshmem-server.c
b/contrib/ivshmem-server/ivshmem-server.c
index 5e5239c..d9e26b0 100644
--- a/contrib/ivshmem-server/ivshmem-server.c
+++ b/contrib/ivshmem-server/ivshmem-server.c
@@ -168,7 +168,9 @@ ivshmem_server_handle_new_conn(IvshmemServer *server)
}
if (i == G_MAXUINT16) {
IVSHMEM_SERVER_DEBUG(server, "cannot allocate new client id\n");
- goto fail;
+ close(newfd);
+ g_free(peer);
+ return -1;
}
peer->id = server->cur_id++;
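Review bot: The early exit under `if (i == G_MAXUINT16)` has no comment explaining why `goto fail` must not be used here, and it handles teardown inline (`close(newfd); g_free(peer); return -1;`) rather than through the shared label, so the two exit paths can drift apart if cleanup is added to `fail` later. The hazard itself is that `i` carries the client-id search result into the `while (i--)` loop over `peer->vectors[i]` quoted in the commit message. A dedicated counter for the vectors loop, or a second label placed after that loop, would remove the dependency on `i` instead of working around it at this one call site. At minimum, add a one-line comment here stating that no vectors have been initialised yet at this point.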
--
2.1.4