
2011/6/24 Eric Blake <eblake@redhat.com>:
Integer overflow and remote code are never a nice mix.
This has existed since commit 56cd414.
* src/libvirt.c (virDomainGetVcpus): Reject overflow up front. * src/remote/remote_driver.c (remoteDomainGetVcpus): Avoid overflow on sending rpc. * daemon/remote.c (remoteDispatchDomainGetVcpus): Avoid overflow on receiving rpc. ---
Gnulib makes checking for multiply overflow easy.
daemon/remote.c | 4 +++- src/libvirt.c | 5 +++-- src/remote/remote_driver.c | 4 +++- 3 files changed, 9 insertions(+), 4 deletions(-)
diff --git a/daemon/remote.c b/daemon/remote.c index 48624d6..8d04fc7 100644 --- a/daemon/remote.c +++ b/daemon/remote.c @@ -61,6 +61,7 @@ #include "network.h" #include "libvirt/libvirt-qemu.h" #include "command.h" +#include "intprops.h"
I see this file in ./gnulib/lib but intprops is not listed in bootstrap.conf, so it's probably pulled in as a dependency for another module. But it doesn't hurt to be explicit and list it in bootstrap.conf. ACK, with that fixed. -- Matthias Bolte http://photron.blogspot.com