Re: [PATCH v4 02/16] util/iov: make qemu_iovec_init_extended() honest
From: Eric Blake
Subject: Re: [PATCH v4 02/16] util/iov: make qemu_iovec_init_extended() honest
Date: Thu, 21 Jan 2021 15:58:07 -0600
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.6.0

On 12/11/20 12:39 PM, Vladimir Sementsov-Ogievskiy wrote:
> Actually, we can't extend the io vector in all cases. Handle possible
> MAX_IOV and size_t overflows.
>
> For now add assertion to callers (actually they rely on success anyway)
> and fix them in the following patch.
>
> Add also some additional good assertions to qemu_iovec_init_slice()
> while being here.
>
> Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
> ---
> include/qemu/iov.h | 2 +-
> block/io.c | 10 +++++++---
> util/iov.c | 25 +++++++++++++++++++++++--
> 3 files changed, 31 insertions(+), 6 deletions(-)
>
> @@ -492,7 +506,14 @@ bool qemu_iovec_is_zero(QEMUIOVector *qiov, size_t
> offset, size_t bytes)
> void qemu_iovec_init_slice(QEMUIOVector *qiov, QEMUIOVector *source,
> size_t offset, size_t len)
> {
> - qemu_iovec_init_extended(qiov, NULL, 0, source, offset, len, NULL, 0);
> + int ret;
> +
> + assert(source->size >= len);
> + assert(source->size - len >= offset);
> +
> + /* We shrink the request, so we can't overflow neither size_t nor
> MAX_IOV */
We shrink the request, so neither size_t nor MAX_IOV will overflow
> + ret = qemu_iovec_init_extended(qiov, NULL, 0, source, offset, len, NULL,
> 0);
> + assert(ret == 0);
> }
>
> void qemu_iovec_destroy(QEMUIOVector *qiov)
>
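Review bot: in qemu_iovec_init_slice() the new bounds requirement (len and offset must both fit inside source->size) is enforced only by the two assert() calls, and the function still returns void, so a caller has no way to handle a bad slice and must validate offset and len itself before calling. Please state that precondition in the function's documentation comment so callers that derive offset or len from request data know the check is theirs to make. It would also help to note next to the asserts that their order matters: assert(source->size >= len) is what keeps source->size - len in the second assert from wrapping as a size_t, so the pair should not be reordered or merged into a single offset + len comparison.
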
Reviewed-by: Eric Blake <eblake@redhat.com>
--
Eric Blake, Principal Software Engineer
Red Hat, Inc. +1-919-301-3226
Virtualization: qemu.org | libvirt.org