On 07/18/2011 04:42 AM, Wen Congyang wrote:
@@ -5983,7 +6169,30 @@ out:
goto cleanup;
}
- *nparams = 1;
+ if (*nparams > 1) {
+ params[1].value.ul = period;
+ params[1].type = VIR_TYPED_PARAM_ULLONG;
+ if (virStrcpyStatic(params[1].field, "cfs_period") == NULL) {
+ qemuReportError(VIR_ERR_INTERNAL_ERROR,
+ "%s",
+ _("Field cfs_period too long for destination"));
+ goto cleanup;
+ }
+
+ params[2].value.ul = quota;
Possible buffer overflow if *nparams == 2 ...
+ params[2].type = VIR_TYPED_PARAM_LLONG;
+ if (virStrcpyStatic(params[2].field, "cfs_quota") == NULL) {
+ qemuReportError(VIR_ERR_INTERNAL_ERROR,
+ "%s",
+ _("Field cfs_quota too long for destination"));
+ goto cleanup;
+ }
+
+ *nparams = 3;
+ } else {
+ *nparams = 1;
+ }
+
ret = 0;
cleanup:
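Review bot: The quota entry is tagged `VIR_TYPED_PARAM_LLONG`, but `params[2].value.ul = quota;` stores it through the unsigned union member, so the member written does not match the declared type. A consumer that dispatches on `type` will read the signed member, so the store should be `params[2].value.l = quota;`. The declaration of `quota` is outside this hunk; if it is signed, as the LLONG tag suggests, the current line also pushes a negative value through an unsigned conversion first. The enclosing function starts and ends outside the hunk, so how `period` and `quota` are obtained could not be checked here.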
--
Adam Litke
IBM Linux Technology Center