Allocate enough memory for KVM_GET_MSR_INDEX_LIST as older kernels shot far beyond their limits, corrupting user space memory.

Signed-off-by: Jan Kiszka <jan.kiszka@xxxxxxxxxxx>
---
 qemu-kvm-x86.c | 5 ++++-
 1 files changed, 4 insertions(+), 1 deletions(-)

diff --git a/qemu-kvm-x86.c b/qemu-kvm-x86.c
index d6735c1..e528acb 100644
--- a/qemu-kvm-x86.c
+++ b/qemu-kvm-x86.c
@@ -349,7 +349,10 @@ struct kvm_msr_list *kvm_get_msr_list(kvm_context_t kvm)
     r = ioctl(kvm->fd, KVM_GET_MSR_INDEX_LIST, &sizer);
     if (r == -1 && errno != E2BIG)
         return NULL;
-    msrs = malloc(sizeof *msrs + sizer.nmsrs * sizeof *msrs->indices);
+    /* Old kernel modules had a bug and could write beyond the provided
+       memory. Allocate at least a safe amount of 1K. */
+    msrs = malloc(MAX(1024, sizeof(*msrs) +
+                      sizer.nmsrs * sizeof(*msrs->indices)));
     if (!msrs) {
         errno = ENOMEM;
         return NULL;
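Review bot: The 1K floor in the new malloc line is an unexplained heuristic, so a reader cannot tell whether it bounds the overrun of the affected kernels or merely makes it less likely to corrupt neighbouring heap data; the comment should state the basis, e.g. `/* Kernels before <KERNEL_VERSION> wrote up to <BYTES> bytes into this buffer regardless of nmsrs; 1K covers that. */` (placeholders to be filled from the bug report). The second KVM_GET_MSR_INDEX_LIST ioctl that actually fills the list lies outside the hunk; if the kernel-returned msrs->nmsrs is used to index the list afterwards, it is worth clamping it to sizer.nmsrs there, since a kernel that overruns the buffer may also report a count larger than what was allocated. Minor style point: the removed line used `sizeof *msrs` without parentheses, the replacement switches to `sizeof(*msrs)`; keep one form to match the surrounding file. kvm_get_msr_list starts and continues outside the hunk.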