[Virtio-fs] [PATCH 10/24] DAX: virtiofsd: Add setup/remove mappings fuse commands

Stefan Hajnoczi stefanha at redhat.com
Thu Feb 11 12:37:38 UTC 2021


On Tue, Feb 09, 2021 at 07:02:10PM +0000, Dr. David Alan Gilbert (git) wrote:
> +static void do_removemapping(fuse_req_t req, fuse_ino_t nodeid,
> +                             struct fuse_mbuf_iter *iter)
> +{
> +    struct fuse_removemapping_in *arg;
> +    struct fuse_removemapping_one *one;
> +
> +    arg = fuse_mbuf_iter_advance(iter, sizeof(*arg));
> +    if (!arg || arg->count <= 0) {
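
Review bot: in `if (!arg || arg->count <= 0)`, the count half of the condition can only reject zero when count is an unsigned field, so `arg->count == 0` states what is actually tested. Nothing in the quoted lines bounds count from above, and this same condition is the natural place to reject an oversized value with EINVAL before it is used in any size computation.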

arg->count is unsigned so < is tautologous.

> +        fuse_log(FUSE_LOG_ERR, "do_removemapping: invalid arg %p\n", arg);
> +        fuse_reply_err(req, EINVAL);
> +        return;
> +    }
> +
> +    one = fuse_mbuf_iter_advance(iter, arg->count * sizeof(*one));
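
Review bot: the length passed to fuse_mbuf_iter_advance() on this line is the unchecked product `arg->count * sizeof(*one)`, so a wrapped product would ask the iterator for fewer bytes than count entries occupy. Reject `arg->count > SIZE_MAX / sizeof(*one)` with EINVAL before multiplying. Separately, the error message in the branch above prints only the pointer with `%p`, so a rejected count cannot be told apart from a short buffer in the log; printing the count in the non-NULL case would help.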

arg->count * sizeof(*one) is an integer overflow on 32-bit hosts. I
think we should be more defensive here since this input comes from the
guest.
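
The overflow concern raised in this reply, as an added example that is not part of the original message or of virtiofsd's code: a checked array advance that rejects a count whose byte length would wrap, with `product_32bit` modelling the arithmetic of a 32-bit host. `struct entry`, `struct cursor` and both function names are hypothetical stand-ins, and the count and buffer are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Stand-in for one guest-supplied array element (constructed layout). */
struct entry { uint64_t moffset; uint64_t len; };

/* Hypothetical bounds-checked cursor over a request buffer. */
struct cursor { const uint8_t *buf; size_t size; size_t pos; };

/* The byte length as a host with a 32-bit size_t would compute it. */
static uint32_t product_32bit(uint32_t count, uint32_t elem_size)
{
    return count * elem_size; /* unsigned arithmetic wraps modulo 2^32 */
}

/*
 * Return a pointer to `count` elements of `elem_size` bytes and advance,
 * or NULL if count is zero, the product would overflow size_t, or the
 * buffer does not hold that many bytes. The cursor is unchanged on NULL.
 */
static const void *cursor_advance_array(struct cursor *c, size_t count,
                                        size_t elem_size)
{
    if (count == 0 || elem_size == 0 || count > SIZE_MAX / elem_size) {
        return NULL;
    }
    size_t len = count * elem_size; /* cannot wrap after the check above */
    if (len > c->size - c->pos) {   /* relies on the invariant pos <= size */
        return NULL;
    }
    const void *p = c->buf + c->pos;
    c->pos += len;
    return p;
}

int main(void)
{
    uint8_t buf[64] = {0};        /* constructed body: room for 4 entries */
    struct cursor c = { buf, sizeof(buf), 0 };
    uint32_t count = 0x10000001u; /* constructed guest-supplied count */

    printf("32-bit product: %u bytes for %u entries\n",
           (unsigned)product_32bit(count, sizeof(struct entry)),
           (unsigned)count);
    printf("checked advance: %s\n",
           cursor_advance_array(&c, count, sizeof(struct entry))
               ? "accepted" : "rejected");
    return 0;
}
```

On a 64-bit host the same count is rejected by the length comparison rather than the overflow guard, so the helper behaves identically on both word sizes.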