[libvirt] [PATCH 1/4] virsh: avoid integer overflow

Daniel P. Berrange berrange at redhat.com
Thu Jun 30 14:25:08 UTC 2011


On Thu, Jun 30, 2011 at 08:14:53AM -0600, Eric Blake wrote:
> Detected by Coverity.  info.nrVirtCpu is unsigned short, but if
> cpumaplen is int, then the product of the two in vshMalloc risks
> unintended sign extension.  cmdVcpuinfo had already solved this
> by using size_t cpumaplen.
> 
> * tools/virsh.c (cmdVcpuPin): Use correct type.
> ---
>  tools/virsh.c |    2 +-
>  1 files changed, 1 insertions(+), 1 deletions(-)
> 
> diff --git a/tools/virsh.c b/tools/virsh.c
> index d15d206..643f05c 100644
> --- a/tools/virsh.c
> +++ b/tools/virsh.c
> @@ -3025,7 +3025,7 @@ cmdVcpuPin(vshControl *ctl, const vshCmd *cmd)
>      bool ret = true;
>      unsigned char *cpumap = NULL;
>      unsigned char *cpumaps = NULL;
> -    int cpumaplen;
> +    size_t cpumaplen;
>      bool bit, lastbit, isInvert;
>      int i, cpu, lastcpu, maxcpu, ncpus;
>      bool unuse = false;

ACK

Daniel
-- 
|: http://berrange.com      -o-    http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org              -o-             http://virt-manager.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org       -o-       http://live.gnome.org/gtk-vnc :|




More information about the libvir-list mailing list