[PATCH] qemu: forbid large value wraparound in balloon period collection

Erik Skultety <eskultet@xxxxxxxxxx> · Tue, 24 Feb 2015 16:28:18 +0100

We do parse and represent period collection as unsigned int in our
internal structures, however commit
d5c67e7f4523450023b89b69c16472582c85eeaf converts this to int, thus wrapping
around inputs greater than INT_MAX which results in an error from QEMU.
This patch adds a check into QEMU driver, because period attribute is
only supported by QEMU.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1140958
---
 src/qemu/qemu_driver.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
index bec05d4..46bd880 100644
--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
@@ -2414,6 +2414,12 @@ static int qemuDomainSetMemoryStatsPeriod(virDomainPtr dom, int period,
     /* Set the balloon driver collection interval */
     priv = vm->privateData;
 
+    if (period < 0) {
+        virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
+                       _("invalid value for collection period"));
+        goto endjob;
+    }
+
     if (flags & VIR_DOMAIN_AFFECT_LIVE) {
 
         qemuDomainObjEnterMonitor(driver, vm);
-- 
1.9.3

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list







