[PATCH python] iothread: fix memory access out of bounds

From: suruifeng <suruifeng@huawei.com> When the 'pcpu' is larger then the last 'iothr->cpumap' bits, set the list element to False to avoid out of bounds access 'iothr->cpumap'. Signed-off-by: suruifeng <suruifeng@huawei.com> Reviewed-by: Hogan Wang <hogan.wang@huawei.com> --- libvirt-override.c | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/libvirt-override.c b/libvirt-override.c index 1f55864..b099f51 100644 --- a/libvirt-override.c +++ b/libvirt-override.c @@ -1625,10 +1625,14 @@ libvirt_virDomainGetIOThreadInfo(PyObject *self ATTRIBUTE_UNUSED, VIR_PY_TUPLE_SET_GOTO(iothrtpl, 1, iothrmap, cleanup); for (pcpu = 0; pcpu < cpunum; pcpu++) - VIR_PY_LIST_SET_GOTO(iothrmap, pcpu, - PyBool_FromLong(VIR_CPU_USED(iothr->cpumap, - pcpu)), - cleanup); + if (VIR_CPU_MAPLEN(pcpu + 1) > iothr->cpumaplen) { + VIR_PY_LIST_SET_GOTO(iothrmap, pcpu, PyBool_FromLong(0), cleanup); + } else { + VIR_PY_LIST_SET_GOTO(iothrmap, pcpu, + PyBool_FromLong(VIR_CPU_USED(iothr->cpumap, + pcpu)), + cleanup); + } } py_retval = py_iothrinfo; -- 2.23.0
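Review bot: the 'for (pcpu = 0; pcpu < cpunum; pcpu++)' line still has no braces even though its body is now a multi-line if/else, so the '}' that ends the else branch reads as if it closed the loop; please wrap the loop body in braces. The bound test 'VIR_CPU_MAPLEN(pcpu + 1) > iothr->cpumaplen' is also evaluated on every iteration. It would be easier to audit if the number of CPUs that 'iothr->cpumaplen' bytes can describe were computed once before the loop, with VIR_CPU_USED called only below that limit and False stored from there up to 'cpunum'. A one-line comment on why 'cpunum' can exceed what 'iothr->cpumap' covers would also help, since neither the hunk nor the commit message says where the mismatch comes from.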

On Tue, Feb 23, 2021 at 11:23:18AM +0800, Hogan Wang wrote:
From: suruifeng <suruifeng@huawei.com>
When the 'pcpu' is larger than the last 'iothr->cpumap' bits, set the list element to False to avoid out-of-bounds access to 'iothr->cpumap'.
Signed-off-by: suruifeng <suruifeng@huawei.com>
Reviewed-by: Hogan Wang <hogan.wang@huawei.com>
Changes for everything except the main libvirt.git have to be sent as gitlab merge requests now, so could you resubmit at:

https://gitlab.com/libvirt/libvirt-python/

Regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|