[PATCH python] iothread: fix memory access out of bounds
Hogan Wang
hogan.wang at huawei.com
Tue Feb 23 03:23:18 UTC 2021
From: suruifeng <suruifeng at huawei.com>
When the 'pcpu' is larger then the last 'iothr->cpumap' bits,
set the list element to False to avoid out of bounds access
'iothr->cpumap'.
Signed-off-by: suruifeng <suruifeng at huawei.com>
Reviewed-by: Hogan Wang <hogan.wang at huawei.com>
---
libvirt-override.c | 12 ++++++++----
1 file changed, 8 insertions(+), 4 deletions(-)
diff --git a/libvirt-override.c b/libvirt-override.c
index 1f55864..b099f51 100644
--- a/libvirt-override.c
+++ b/libvirt-override.c
@@ -1625,10 +1625,14 @@ libvirt_virDomainGetIOThreadInfo(PyObject *self ATTRIBUTE_UNUSED,
VIR_PY_TUPLE_SET_GOTO(iothrtpl, 1, iothrmap, cleanup);
for (pcpu = 0; pcpu < cpunum; pcpu++)
- VIR_PY_LIST_SET_GOTO(iothrmap, pcpu,
- PyBool_FromLong(VIR_CPU_USED(iothr->cpumap,
- pcpu)),
- cleanup);
+ if (VIR_CPU_MAPLEN(pcpu + 1) > iothr->cpumaplen) {
+ VIR_PY_LIST_SET_GOTO(iothrmap, pcpu, PyBool_FromLong(0), cleanup);
+ } else {
+ VIR_PY_LIST_SET_GOTO(iothrmap, pcpu,
+ PyBool_FromLong(VIR_CPU_USED(iothr->cpumap,
+ pcpu)),
+ cleanup);
+ }
}
py_retval = py_iothrinfo;
--
2.23.0
More information about the libvir-list
mailing list