[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH v2 1/3] x86/vmx: introduce vmx_find_msr()

On Wed, 2017-02-22 at 08:40 +0000, Tian, Kevin wrote:
> > From: Sergey Dyasli [mailto:sergey.dyasli@xxxxxxxxxx]
> > Sent: Wednesday, February 22, 2017 4:38 PM
> > 
> > > > 
> > > > -    for ( idx = 0; idx < *msr_count; idx++ )
> > > > +    for ( idx = 0; (*msr_area)[idx].index <= msr && idx < *msr_count; 
> > > > idx++ )
> > > 
> > > risk of out-of-boundary access.
> > 
> > How exactly out-of-bounds access is possible? The original condition
> > 
> >     idx < *msr_count
> > 
> > Is still being checked on each loop iteration.
> > 
> 
> Isn't "(*msr_area[idx]).index <= msr" checked before "idx < *msr_count"?
> 
> So if idx==*msr_count, you first hit an out-of-boundary access...
> 
> I think we should change the condition order here.
> 

You are right. I will fix this in v3.

-- 
Thanks,
Sergey
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
https://lists.xen.org/xen-devel

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.