[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-devel] [PATCH] Out of bound check in bind_virq (trivial)

Here is a trivial patch that adds a domain->vcpu array out of bound check (without it I managed to take whole Xen down by trying to run a buggy domain). 

Cheers
Gregor

# HG changeset patch
# User gmilos@xxxxxxxxxxxxxxxxxxxxx
# Node ID 0c6432737d58f7276a3f60322123f3d967b23f91
# Parent  76a7a7aa27e40022fbfeacdd8d6ed9395e875894
Added missing array out of bound check for d->vcpu.
Signed-off-by: Grzegorz Milos <gm281@xxxxxxxxx>

diff -r 76a7a7aa27e4 -r 0c6432737d58 xen/common/event_channel.c
--- a/xen/common/event_channel.c        Thu Oct  6 16:02:38 2005
+++ b/xen/common/event_channel.c        Thu Oct  6 18:08:04 2005
@@ -269,7 +269,8 @@
     if ( virq >= ARRAY_SIZE(v->virq_to_evtchn) )
         return -EINVAL;
 
-    if ( (v = d->vcpu[bind->vcpu]) == NULL )
+    if ( bind->vcpu >= ARRAY_SIZE(d->vcpu) || 
+            (v = d->vcpu[bind->vcpu]) == NULL )
         return -ENOENT;
 
     spin_lock(&d->evtchn_lock);

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.