In subject: "Don't overrun buffer when converting cpumap" perhaps? That would IMHO explain the patch a bit more when looking at shortlog. On Fri, Oct 28, 2016 at 13:41:10 +0300, Konstantin Neumoin wrote: > If we pass large(more than cpunum) cpu mask to any libvirt_virDomainPin* > function, it could leads to crash. So we have to check tuple size in > virPyCpuMapToChar and ignore extra tuple members. > > Signed-off-by: Konstantin Neumoin <kneumoin@xxxxxxxxxxxxx> > --- > libvirt-utils.c | 9 ++++++--- > 1 file changed, 6 insertions(+), 3 deletions(-) > > diff --git a/libvirt-utils.c b/libvirt-utils.c > index aaf4bea..3fc0fdd 100644 > --- a/libvirt-utils.c > +++ b/libvirt-utils.c > @@ -589,7 +589,8 @@ virPyDictToTypedParams(PyObject *dict, > > > /* virPyCpuMapToChar > - * @cpunum: the number of cpus > + * @cpunum: the number of cpus, only this first elements make sense, > + * so others will be ignored(filled by zeros). So this sentence belongs to the previous patch and I'd put it below into the text explaining how this variable is treated. > * @pycpumap: source Py cpu map > * @cpumapptr: destination cpu map > * @cpumaplen: destination cpu map length > @@ -604,7 +605,7 @@ virPyCpuMapToChar(int cpunum, > unsigned char **cpumapptr, > int *cpumaplen) > { > - int tuple_size; > + int tuple_size, rel_cpumaplen; > size_t i; > int i_retval = -1; > *cpumapptr = NULL; > @@ -624,7 +625,9 @@ virPyCpuMapToChar(int cpunum, > goto exit; > } > > - for (i = 0; i < tuple_size; i++) { > + rel_cpumaplen = MIN(cpunum, tuple_size); > + > + for (i = 0; i < rel_cpumaplen; i++) { You can avoid the temporary variable by checking both tuple_size and cpumaplen in the condition. > PyObject *flag = PyTuple_GetItem(pycpumap, i); > bool b; Not visible in the context is the second for loop that clears the rest of the bits from the tuple which exceed "cpumap". This is not necessary any more since you now fill only the first elements. Peter
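Review bot: the added `@cpunum` text in the comment hunk (@@ -589,7 +589,8) does not say which object is ignored and which is zero-filled: "only this first elements make sense, so others will be ignored(filled by zeros)" can be read as describing either the tuple or the destination map. Suggest wording it so that it states that only the first @cpunum members of @pycpumap are read and that any further tuple members are ignored, and fixing the grammar ("only the first @cpunum elements").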
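Review bot: `rel_cpumaplen`, declared in the second hunk (@@ -604,7 +605,7), is named after `cpumaplen`, which the header comment documents as the destination cpu map length, yet it is assigned `MIN(cpunum, tuple_size)` and so holds a count of tuple members rather than a map length. A name that says it is a CPU count would keep the two units from being confused when the function is read later.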
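Review bot: the new loop condition in the third hunk (@@ -624,7 +625,9) compares `i`, declared as `size_t`, with `rel_cpumaplen`, an `int` computed as `MIN(cpunum, tuple_size)`, and nothing in the visible lines rejects a negative `cpunum`. In that case the `int` bound is converted to a very large unsigned value in `i < rel_cpumaplen` and the loop is no longer limited by the CPU count, which is the condition this patch is meant to enforce. Consider validating `cpunum` before computing the bound, or keeping the bound in an unsigned type once it has been checked.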
-- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list