WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 
 
Home Products Support Community News
 
   
 

xen-changelog

[Xen-changelog] [xen-3.1-testing] libxc: Avoid overflow in xc_domain_dum

To: xen-changelog@xxxxxxxxxxxxxxxxxxx
Subject: [Xen-changelog] [xen-3.1-testing] libxc: Avoid overflow in xc_domain_dumpcore_via_callback().
From: "Xen patchbot-3.1-testing" <patchbot-3.1-testing@xxxxxxxxxxxxxxxxxxx>
Date: Fri, 19 Oct 2007 11:00:35 -0700
Delivery-date: Fri, 19 Oct 2007 11:01:50 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxx
List-help: <mailto:xen-changelog-request@lists.xensource.com?subject=help>
List-id: BK change log <xen-changelog.lists.xensource.com>
List-post: <mailto:xen-changelog@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-changelog>, <mailto:xen-changelog-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-changelog>, <mailto:xen-changelog-request@lists.xensource.com?subject=unsubscribe>
Reply-to: xen-devel@xxxxxxxxxxxxxxxxxxx
Sender: xen-changelog-bounces@xxxxxxxxxxxxxxxxxxx
# HG changeset patch
# User Keir Fraser <keir@xxxxxxxxxxxxx>
# Date 1192714803 -3600
# Node ID f25ece9e1af409b4f6e5fa9836be680c5876b90d
# Parent  cb6254fd69136b0b0d8b71e75d1a7435c8433a52
libxc: Avoid overflow in xc_domain_dumpcore_via_callback().
nr_pages*PAGE_SIZE can overflow a 32-bit long.
From: Daisuke Nishimura <nishimura@xxxxxxxxxxxxxxxxx>
Signed-off-by: Keir Fraser <keir@xxxxxxxxxxxxx>
xen-unstable changeset:   16111:c19c51317eebe8e852dd4ad90ca19880397fa3b4
xen-unstable date:        Mon Oct 15 12:20:43 2007 +0100
---
 tools/libxc/xc_core.c |    6 +++---
 1 files changed, 3 insertions(+), 3 deletions(-)

diff -r cb6254fd6913 -r f25ece9e1af4 tools/libxc/xc_core.c
--- a/tools/libxc/xc_core.c     Thu Oct 18 09:59:20 2007 +0100
+++ b/tools/libxc/xc_core.c     Thu Oct 18 14:40:03 2007 +0100
@@ -580,7 +580,7 @@ xc_domain_dumpcore_via_callback(int xc_h
     }
     if ( !auto_translated_physmap )
     {
-        filesz = nr_pages * sizeof(p2m_array[0]);
+        filesz = (uint64_t)nr_pages * sizeof(p2m_array[0]);
         sts = xc_core_shdr_set(shdr, strtab, XEN_DUMPCORE_SEC_P2M,
                                SHT_PROGBITS,
                                offset, filesz, __alignof__(p2m_array[0]),
@@ -590,7 +590,7 @@ xc_domain_dumpcore_via_callback(int xc_h
     }
     else
     {
-        filesz = nr_pages * sizeof(pfn_array[0]);
+        filesz = (uint64_t)nr_pages * sizeof(pfn_array[0]);
         sts = xc_core_shdr_set(shdr, strtab, XEN_DUMPCORE_SEC_PFN,
                                SHT_PROGBITS,
                                offset, filesz, __alignof__(pfn_array[0]),
@@ -620,7 +620,7 @@ xc_domain_dumpcore_via_callback(int xc_h
     dummy_len = ROUNDUP(offset, PAGE_SHIFT) - offset; /* padding length */
     offset += dummy_len;
 
-    filesz = nr_pages * PAGE_SIZE;
+    filesz = (uint64_t)nr_pages * PAGE_SIZE;
     sts = xc_core_shdr_set(shdr, strtab, XEN_DUMPCORE_SEC_PAGES, SHT_PROGBITS,
                            offset, filesz, PAGE_SIZE, PAGE_SIZE);
     if ( sts != 0 )

_______________________________________________
Xen-changelog mailing list
Xen-changelog@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-changelog

<Prev in Thread] Current Thread [Next in Thread>
  • [Xen-changelog] [xen-3.1-testing] libxc: Avoid overflow in xc_domain_dumpcore_via_callback()., Xen patchbot-3.1-testing <=