WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 		  
Home Products Support Community News
 
   
 

xen-changelog

[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Xen-changelog] [xen-3.4-testing] libxc: Check full range of pfns for xc

from [Xen patchbot-3.4-testing] [Permanent Link][Original]
To: xen-changelog@xxxxxxxxxxxxxxxxxxx
Subject: [Xen-changelog] [xen-3.4-testing] libxc: Check full range of pfns for xc_dom_pfn_to_ptr
From: "Xen patchbot-3.4-testing" <patchbot-3.4-testing@xxxxxxxxxxxxxxxxxxx>
Date: Mon, 08 Feb 2010 02:45:12 -0800
Delivery-date: Mon, 08 Feb 2010 02:45:09 -0800
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
List-help: <mailto:xen-changelog-request@lists.xensource.com?subject=help>
List-id: BK change log <xen-changelog.lists.xensource.com>
List-post: <mailto:xen-changelog@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-changelog>, <mailto:xen-changelog-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-changelog>, <mailto:xen-changelog-request@lists.xensource.com?subject=unsubscribe>
Reply-to: xen-devel@xxxxxxxxxxxxxxxxxxx
Sender: xen-changelog-bounces@xxxxxxxxxxxxxxxxxxx 
# HG changeset patch
# User Keir Fraser <keir.fraser@xxxxxxxxxx>
# Date 1265625247 0
# Node ID 11c5101f526708ec8a7118329e07bb1fffa9eca4
# Parent  35a62fbdb74d621d2b629fcfda5d871431650729
libxc: Check full range of pfns for xc_dom_pfn_to_ptr

Previously, passing a valid pfn but an overly large count to
xc_dom_pfn_to_ptr, and functions which call it, would run off the end
of the pfn array giving undefined behaviour.

It is tempting to change this check to an assert, as no callers should
be providing invalid parameters here.  But this is probably best not
done while frozen for 4.0.

Signed-off-by: Ian Jackson <ian.jackson@xxxxxxxxxxxxx>
xen-unstable changeset:   20888:02107eca8fb7
xen-unstable date:        Wed Feb 03 09:45:40 2010 +0000
---
 tools/libxc/xc_dom_core.c |    4 +++-
 1 files changed, 3 insertions(+), 1 deletion(-)

diff -r 35a62fbdb74d -r 11c5101f5267 tools/libxc/xc_dom_core.c
--- a/tools/libxc/xc_dom_core.c Wed Feb 03 09:53:37 2010 +0000
+++ b/tools/libxc/xc_dom_core.c Mon Feb 08 10:34:07 2010 +0000
@@ -288,7 +288,9 @@ void *xc_dom_pfn_to_ptr(struct xc_dom_im
     unsigned int page_shift = XC_DOM_PAGE_SHIFT(dom);
     char *mode = "unset";
 
-    if ( pfn > dom->total_pages )
+    if ( pfn > dom->total_pages ||    /* multiple checks to avoid overflows */
+         count > dom->total_pages ||
+         pfn > dom->total_pages - count )
     {
         xc_dom_printf("%s: pfn out of range (0x%" PRIpfn " > 0x%" PRIpfn ")\n",
                       __FUNCTION__, pfn, dom->total_pages);

_______________________________________________
Xen-changelog mailing list
Xen-changelog@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-changelog
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
  • [Xen-changelog] [xen-3.4-testing] libxc: Check full range of pfns for xc_dom_pfn_to_ptr, Xen patchbot-3.4-testing <=
Previous by Date:  [Xen-changelog] [xen-unstable] Dump machine check context for fatal machine check, Xen patchbot-unstable
Next by Date:  [Xen-changelog] [xen-3.4-testing] libxc: Check there's enough memory for segments we're creating, Xen patchbot-3.4-testing
Previous by Thread:  [Xen-changelog] [xen-unstable] Dump machine check context for fatal machine check, Xen patchbot-unstable
Next by Thread:  [Xen-changelog] [xen-3.4-testing] libxc: Check there's enough memory for segments we're creating, Xen patchbot-3.4-testing
Indexes:  [Date] [Thread] [Top] [All Lists]
 
   

Copyright , Citrix Systems Inc. All rights reserved. Legal and Privacy