Re: [PATCH v2 python 2/2] add check for pycpumap length

In subject:

"Don't overrun buffer when converting cpumap" perhaps? That would IMHO
explain the patch a bit more when looking at shortlog.

On Fri, Oct 28, 2016 at 13:41:10 +0300, Konstantin Neumoin wrote:
> If we pass a large (more than cpunum) cpu mask to any libvirt_virDomainPin*
> function, it could lead to a crash. So we have to check the tuple size in
> virPyCpuMapToChar and ignore extra tuple members.
> 
> Signed-off-by: Konstantin Neumoin <kneumoin@xxxxxxxxxxxxx>
> ---
>  libvirt-utils.c | 9 ++++++---
>  1 file changed, 6 insertions(+), 3 deletions(-)
> 
> diff --git a/libvirt-utils.c b/libvirt-utils.c
> index aaf4bea..3fc0fdd 100644
> --- a/libvirt-utils.c
> +++ b/libvirt-utils.c
> @@ -589,7 +589,8 @@ virPyDictToTypedParams(PyObject *dict,
>  
>  
>  /* virPyCpuMapToChar
> - * @cpunum: the number of cpus
> + * @cpunum: the number of cpus, only this first elements make sense,
> + * so others will be ignored(filled by zeros).

So this sentence belongs to the previous patch and I'd put it below into
the text explaining how this variable is treated.


>   * @pycpumap: source Py cpu map
>   * @cpumapptr: destination cpu map
>   * @cpumaplen: destination cpu map length
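
Review bot: The new `@cpunum` description in the doc comment conflates two things: "others will be ignored(filled by zeros)" reads as if the extra tuple members themselves are zero-filled, and it does not say what actually ends up zeroed. "only this first elements make sense" also needs rewording. Something like "only the first @cpunum tuple members are used; any further members are ignored" would state the contract without ambiguity.
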
> @@ -604,7 +605,7 @@ virPyCpuMapToChar(int cpunum,
>                    unsigned char **cpumapptr,
>                    int *cpumaplen)
>  {
> -    int tuple_size;
> +    int tuple_size, rel_cpumaplen;
>      size_t i;
>      int i_retval = -1;
>      *cpumapptr = NULL;
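
Review bot: `rel_cpumaplen` is declared `int` alongside `tuple_size`, but its only use is as the bound for the `size_t i` index declared on the next line, so the later `i < rel_cpumaplen` comparison mixes signed and unsigned operands. Declaring the bound as `size_t` once `cpunum` and `tuple_size` are known to be non-negative, or dropping the variable altogether, avoids that. The name is also misleading, since the value is a count of tuple members to copy rather than a cpumap length.
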
> @@ -624,7 +625,9 @@ virPyCpuMapToChar(int cpunum,
>          goto exit;
>      }
>  
> -    for (i = 0; i < tuple_size; i++) {
> +    rel_cpumaplen = MIN(cpunum, tuple_size);
> +
> +    for (i = 0; i < rel_cpumaplen; i++) {

You can avoid the temporary variable by checking both tuple_size and
cpumaplen in the condition.

>          PyObject *flag = PyTuple_GetItem(pycpumap, i);
>          bool b;
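
Review bot: The new bound `MIN(cpunum, tuple_size)` only protects the destination if `cpunum` is positive and corresponds to the size the map was allocated with, and neither is checked in the lines shown. Because `i` is `size_t`, a negative `cpunum` would be converted to a very large unsigned value in `i < rel_cpumaplen`, so rejecting `cpunum <= 0` before the loop, or writing the bound directly against the allocated length, would make the guard self-evident.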

Not visible in the context is the second for loop that clears the rest
of the bits from the tuple which exceed "cpumap". This is not necessary
any more since you now fill only the first elements.

Peter
