5:22 a.m.
The QEMU memory stats JSON monitor command was too cautious in
checking array bounds, dropping the last requested stat
* src/qemu/qemu_monitor_json.c: Fix off-by-1 check in memory
stats
---
src/qemu/qemu_monitor_json.c | 12 ++++++------
1 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/src/qemu/qemu_monitor_json.c b/src/qemu/qemu_monitor_json.c
index 7c0d372..3c97e9d 100644
--- a/src/qemu/qemu_monitor_json.c
+++ b/src/qemu/qemu_monitor_json.c
@@ -965,7 +965,7 @@ int qemuMonitorJSONGetMemoryStats(qemuMonitorPtr mon,
goto cleanup;
}
- if (virJSONValueObjectHasKey(data, "mem_swapped_in") &&
(got < (nr_stats-1))) {
+ if (virJSONValueObjectHasKey(data, "mem_swapped_in") &&
(got < nr_stats)) {
if (virJSONValueObjectGetNumberUlong(data, "mem_swapped_in",
&mem) < 0) {
qemuReportError(VIR_ERR_INTERNAL_ERROR, "%s",
_("info balloon reply was missing balloon
mem_swapped_in"));
@@ -976,7 +976,7 @@ int qemuMonitorJSONGetMemoryStats(qemuMonitorPtr mon,
stats[got].val = (mem/1024);
got++;
}
- if (virJSONValueObjectHasKey(data, "mem_swapped_out") &&
(got < (nr_stats-1))) {
+ if (virJSONValueObjectHasKey(data, "mem_swapped_out") &&
(got < nr_stats)) {
if (virJSONValueObjectGetNumberUlong(data, "mem_swapped_out",
&mem) < 0) {
qemuReportError(VIR_ERR_INTERNAL_ERROR, "%s",
_("info balloon reply was missing balloon
mem_swapped_out"));
@@ -987,7 +987,7 @@ int qemuMonitorJSONGetMemoryStats(qemuMonitorPtr mon,
stats[got].val = (mem/1024);
got++;
}
- if (virJSONValueObjectHasKey(data, "major_page_faults") &&
(got < (nr_stats-1))) {
+ if (virJSONValueObjectHasKey(data, "major_page_faults") &&
(got < nr_stats)) {
if (virJSONValueObjectGetNumberUlong(data, "major_page_faults",
&mem) < 0) {
qemuReportError(VIR_ERR_INTERNAL_ERROR, "%s",
_("info balloon reply was missing balloon
major_page_faults"));
@@ -998,7 +998,7 @@ int qemuMonitorJSONGetMemoryStats(qemuMonitorPtr mon,
stats[got].val = mem;
got++;
}
- if (virJSONValueObjectHasKey(data, "minor_page_faults") &&
(got < (nr_stats-1))) {
+ if (virJSONValueObjectHasKey(data, "minor_page_faults") &&
(got < nr_stats)) {
if (virJSONValueObjectGetNumberUlong(data, "minor_page_faults",
&mem) < 0) {
qemuReportError(VIR_ERR_INTERNAL_ERROR, "%s",
_("info balloon reply was missing balloon
minor_page_faults"));
@@ -1009,7 +1009,7 @@ int qemuMonitorJSONGetMemoryStats(qemuMonitorPtr mon,
stats[got].val = mem;
got++;
}
- if (virJSONValueObjectHasKey(data, "free_mem") && (got <
(nr_stats-1))) {
+ if (virJSONValueObjectHasKey(data, "free_mem") && (got <
nr_stats)) {
if (virJSONValueObjectGetNumberUlong(data, "free_mem",
&mem) < 0) {
qemuReportError(VIR_ERR_INTERNAL_ERROR, "%s",
_("info balloon reply was missing balloon
free_mem"));
@@ -1020,7 +1020,7 @@ int qemuMonitorJSONGetMemoryStats(qemuMonitorPtr mon,
stats[got].val = (mem/1024);
got++;
}
- if (virJSONValueObjectHasKey(data, "total_mem") && (got
< (nr_stats-1))) {
+ if (virJSONValueObjectHasKey(data, "total_mem") && (got
< nr_stats)) {
if (virJSONValueObjectGetNumberUlong(data, "total_mem",
&mem) < 0) {
qemuReportError(VIR_ERR_INTERNAL_ERROR, "%s",
_("info balloon reply was missing balloon
total_mem"));
--
1.6.6.1
5:46 a.m.
On Wed, Apr 14, 2010 at 11:22:05AM +0100, Daniel P. Berrange wrote:
The QEMU memory stats JSON monitor command was too cautious in
checking array bounds, dropping the last requested stat
* src/qemu/qemu_monitor_json.c: Fix off-by-1 check in memory
stats
---
src/qemu/qemu_monitor_json.c | 12 ++++++------
1 files changed, 6 insertions(+), 6 deletions(-)
I realize I never commited the previous patch this is against, so I'll
fold it into the original & push it
Daniel
--
|: Red Hat, Engineering, London -o- http://people.redhat.com/berrange/ :|
|: http://libvirt.org -o- http://virt-manager.org -o- http://deltacloud.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: GnuPG: 7D3B9505 -o- F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|
5336
days inactive
5336
days old
1 comments
1 participants
participants (1)
-
Daniel P. Berrange