External/libvirt
1
0
Fork 0
mirror of https://gitlab.com/libvirt/libvirt.git synced 2025-03-07 17:28:15 +00:00
Code

Handle copying bitmaps to larger data buffers

Browse Source 
If a bitmap of a shorter length than the data buffer is passed to
virBitmapToDataBuf, it will read off the end of the bitmap and copy junk
into the returned buffer. Add a check to only copy the length of the
bitmap to the buffer.

The problem can be observed after setting a vcpu affinity using the vcpupin
command on a system with a large number of cores:
  # virsh vcpupin example_domain 0 0
  # virsh vcpupin example_domain 0
     VCPU   CPU Affinity
    ---------------------------
     0      0,192,197-198,202

Signed-off-by: John Allen <john.allen@amd.com>
This commit is contained in:
Allen, John 2019-04-15 14:43:07 +00:00 committed by Pavel Hrdina
parent 055af76f16
commit 51f9f80d35
1 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
src/util/virbitmap.c
View File

@ -825,11 +825,15 @@ virBitmapToDataBuf(virBitmapPtr bitmap,
unsigned char *bytes, unsigned char *bytes,
size_t len) size_t len)
{ {
size_t nbytes = bitmap->map_len * (VIR_BITMAP_BITS_PER_UNIT / CHAR_BIT);
unsigned long *l; unsigned long *l;
size_t i, j; size_t i, j;
memset(bytes, 0, len); memset(bytes, 0, len);
/* If bitmap and buffer differ in size, only fill to the smaller length */
len = MIN(len, nbytes);
/* htole64 is not provided by gnulib, so we do the conversion by hand */ /* htole64 is not provided by gnulib, so we do the conversion by hand */
l = bitmap->map; l = bitmap->map;
for (i = j = 0; i < len; i++, j++) { for (i = j = 0; i < len; i++, j++) {