xen-changelog

[Top] [All Lists]

[Xen-changelog] [xen-unstable] libxc: Avoid overflow in xc_domain_dumpco

from [Xen patchbot-unstable]

[Permanent Link][Original]

To:	xen-changelog@xxxxxxxxxxxxxxxxxxx
Subject:	[Xen-changelog] [xen-unstable] libxc: Avoid overflow in xc_domain_dumpcore_via_callback().
From:	Xen patchbot-unstable <patchbot-unstable@xxxxxxxxxxxxxxxxxxx>
Date:	Mon, 15 Oct 2007 11:40:10 -0700
Delivery-date:	Mon, 15 Oct 2007 11:40:31 -0700
Envelope-to:	www-data@xxxxxxxxxxxxxxxxxx
List-help:	<mailto:xen-changelog-request@lists.xensource.com?subject=help>
List-id:	BK change log <xen-changelog.lists.xensource.com>
List-post:	<mailto:xen-changelog@lists.xensource.com>
List-subscribe:	<http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-changelog>, <mailto:xen-changelog-request@lists.xensource.com?subject=subscribe>
List-unsubscribe:	<http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-changelog>, <mailto:xen-changelog-request@lists.xensource.com?subject=unsubscribe>
Reply-to:	xen-devel@xxxxxxxxxxxxxxxxxxx
Sender:	xen-changelog-bounces@xxxxxxxxxxxxxxxxxxx

# HG changeset patch
# User Keir Fraser <keir@xxxxxxxxxxxxx>
# Date 1192447243 -3600
# Node ID c19c51317eebe8e852dd4ad90ca19880397fa3b4
# Parent  c918a68617c9d562fb697165ea6ddbe665b92aae
libxc: Avoid overflow in xc_domain_dumpcore_via_callback().
nr_pages*PAGE_SIZE can overflow a 32-bit long.
From: Daisuke Nishimura <nishimura@xxxxxxxxxxxxxxxxx>
Signed-off-by: Keir Fraser <keir@xxxxxxxxxxxxx>
---
 tools/libxc/xc_core.c |    6 +++---
 1 files changed, 3 insertions(+), 3 deletions(-)

diff -r c918a68617c9 -r c19c51317eeb tools/libxc/xc_core.c
--- a/tools/libxc/xc_core.c     Mon Oct 15 12:13:41 2007 +0100
+++ b/tools/libxc/xc_core.c     Mon Oct 15 12:20:43 2007 +0100
@@ -628,7 +628,7 @@ xc_domain_dumpcore_via_callback(int xc_h
         PERROR("could not get section headers for .xen_pages");
         goto out;
     }
-    filesz = nr_pages * PAGE_SIZE;
+    filesz = (uint64_t)nr_pages * PAGE_SIZE;
     sts = xc_core_shdr_set(shdr, strtab, XEN_DUMPCORE_SEC_PAGES, SHT_PROGBITS,
                            offset, filesz, PAGE_SIZE, PAGE_SIZE);
     if ( sts != 0 )
@@ -644,7 +644,7 @@ xc_domain_dumpcore_via_callback(int xc_h
     }
     if ( !auto_translated_physmap )
     {
-        filesz = nr_pages * sizeof(p2m_array[0]);
+        filesz = (uint64_t)nr_pages * sizeof(p2m_array[0]);
         sts = xc_core_shdr_set(shdr, strtab, XEN_DUMPCORE_SEC_P2M,
                                SHT_PROGBITS,
                                offset, filesz, __alignof__(p2m_array[0]),
@@ -652,7 +652,7 @@ xc_domain_dumpcore_via_callback(int xc_h
     }
     else
     {
-        filesz = nr_pages * sizeof(pfn_array[0]);
+        filesz = (uint64_t)nr_pages * sizeof(pfn_array[0]);
         sts = xc_core_shdr_set(shdr, strtab, XEN_DUMPCORE_SEC_PFN,
                                SHT_PROGBITS,
                                offset, filesz, __alignof__(pfn_array[0]),

_______________________________________________
Xen-changelog mailing list
Xen-changelog@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-changelog

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
[Xen-changelog] [xen-unstable] libxc: Avoid overflow in xc_domain_dumpcore_via_callback()., Xen patchbot-unstable <=

Previous by Date:	[Xen-changelog] [xen-unstable] x86/64: Do not clobber %r11 (user rflags) on syscall from guest, Xen patchbot-unstable
Next by Date:	[Xen-changelog] [xen-unstable] ioemu: Allow blktap to be able to be booted as system volume for PV-on-HVM, Xen patchbot-unstable
Previous by Thread:	[Xen-changelog] [xen-unstable] x86/64: Do not clobber %r11 (user rflags) on syscall from guest, Xen patchbot-unstable
Next by Thread:	[Xen-changelog] [xen-unstable] ioemu: Allow blktap to be able to be booted as system volume for PV-on-HVM, Xen patchbot-unstable
Indexes:	[Date] [Thread] [Top] [All Lists]