On 07/18/2011 04:42 AM, Wen Congyang wrote:
> @@ -5983,7 +6169,30 @@ out:
> goto cleanup;
> }
>
> - *nparams = 1;
> + if (*nparams > 1) {
> + params[1].value.ul = period;
> + params[1].type = VIR_TYPED_PARAM_ULLONG;
> + if (virStrcpyStatic(params[1].field, "cfs_period") == NULL) {
> + qemuReportError(VIR_ERR_INTERNAL_ERROR,
> + "%s",
> + _("Field cfs_period too long for destination"));
> + goto cleanup;
> + }
> +
> + params[2].value.ul = quota;
Possible buffer overflow if *nparams == 2 ...
> + params[2].type = VIR_TYPED_PARAM_LLONG;
> + if (virStrcpyStatic(params[2].field, "cfs_quota") == NULL) {
> + qemuReportError(VIR_ERR_INTERNAL_ERROR,
> + "%s",
> + _("Field cfs_quota too long for destination"));
> + goto cleanup;
> + }
> +
> + *nparams = 3;
> + } else {
> + *nparams = 1;
> + }
> +
> ret = 0;
>
> cleanup:
--
Adam Litke
IBM Linux Technology Center
--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list