author | Markus Armbruster <armbru@redhat.com> | 2016-03-15 19:34:45 +0100 |
---|---|---|
committer | Timothy Pearson <tpearson@raptorengineering.com> | 2019-11-29 19:49:39 -0600 |
commit | bea1470de93a38627ca333a1f7888bdfad029e9a (patch) | |
tree | 96712ad98f4341eb5748e04670db31510ddbb75e /hw | |
parent | 3b8937af7e2f0974d361f4c549be6ad3fb53ab28 (diff) | |
ivshmem: Tighten check of property "size"
If size_t is narrower than 64 bits, passing uint64_t ivshmem_size to
mmap() truncates. Reject such sizes.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-Id: <1458066895-20632-31-git-send-email-armbru@redhat.com>
Diffstat (limited to 'hw')
-rw-r--r-- | hw/misc/ivshmem.c | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/hw/misc/ivshmem.c b/hw/misc/ivshmem.c
index 7b9e769..66c713e 100644
--- a/hw/misc/ivshmem.c
+++ b/hw/misc/ivshmem.c
@@ -87,7 +87,7 @@ typedef struct IVShmemState {
 */
 MemoryRegion bar;
 MemoryRegion ivshmem;
- uint64_t ivshmem_size; /* size of shared memory region */
+ size_t ivshmem_size; /* size of shared memory region */
 uint32_t ivshmem_64bit;
 Peer *peers;
@@ -361,7 +361,7 @@ static int check_shm_size(IVShmemState *s, int fd, Error **errp)
 if (s->ivshmem_size > buf.st_size) {
 error_setg(errp, "Requested memory size greater"
- " than shared object size (%" PRIu64 " > %" PRIu64")",
+ " than shared object size (%zu > %" PRIu64")",
 s->ivshmem_size, (uint64_t)buf.st_size);
 return -1;
 } else {
@@ -865,7 +865,8 @@ static void pci_ivshmem_realize(PCIDevice *dev, Error **errp)
 } else {
 char *end;
 int64_t size = qemu_strtosz(s->sizearg, &end);
- if (size < 0 || *end != '\0' || !is_power_of_2(size)) {
+ if (size < 0 || (size_t)size != size || *end != '\0'
+ || !is_power_of_2(size)) {
 error_setg(errp, "Invalid size %s", s->sizearg);
 return;
 } |
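Review bot: Narrowing `ivshmem_size` from `uint64_t` to `size_t` in IVShmemState means any assignment from a 64-bit value now truncates silently on a host whose size_t is 32 bits, and the only range check this patch adds is on the "size" property path in pci_ivshmem_realize. If other code writes the field (none is visible in these hunks), it presumably needs the same guard before storing. The field comment could record the invariant, for example `/* size of shared memory region, checked to fit size_t */`. The struct definition starts and ends outside the hunk.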
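Review bot: The new `(size_t)size != size` term in pci_ivshmem_realize is the only thing that keeps an oversized "size" property from being truncated on its way to mmap(), yet its purpose is not evident from the expression itself. A one-line comment above the `if`, such as `/* reject values that do not fit in size_t; they would truncate in mmap() */`, would keep a later cleanup from dropping it as redundant on 64-bit hosts. The rejection still reports the generic `"Invalid size %s"`, so a user on a 32-bit host cannot tell a too-large value from a malformed one; a separate message for the range case would help. The enclosing function starts and ends outside the hunk, so where `size` is stored is not visible here.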