 Home |
Products |
Support |
Community |
News |
xen-changelog
[Xen-changelog] [xen-3.1-testing] libxc: Avoid overflow in xc_domain_dum
| To: | xen-changelog@xxxxxxxxxxxxxxxxxxx |
|---|---|
| Subject: | [Xen-changelog] [xen-3.1-testing] libxc: Avoid overflow in xc_domain_dumpcore_via_callback(). |
| From: | "Xen patchbot-3.1-testing" <patchbot-3.1-testing@xxxxxxxxxxxxxxxxxxx> |
| Date: | Fri, 19 Oct 2007 11:00:35 -0700 |
| Delivery-date: | Fri, 19 Oct 2007 11:01:50 -0700 |
| Envelope-to: | www-data@xxxxxxxxxxxxxxxxxx |
| List-help: | <mailto:xen-changelog-request@lists.xensource.com?subject=help> |
| List-id: | BK change log <xen-changelog.lists.xensource.com> |
| List-post: | <mailto:xen-changelog@lists.xensource.com> |
| List-subscribe: | <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-changelog>, <mailto:xen-changelog-request@lists.xensource.com?subject=subscribe> |
| List-unsubscribe: | <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-changelog>, <mailto:xen-changelog-request@lists.xensource.com?subject=unsubscribe> |
| Reply-to: | xen-devel@xxxxxxxxxxxxxxxxxxx |
| Sender: | xen-changelog-bounces@xxxxxxxxxxxxxxxxxxx |
# HG changeset patch
# User Keir Fraser <keir@xxxxxxxxxxxxx>
# Date 1192714803 -3600
# Node ID f25ece9e1af409b4f6e5fa9836be680c5876b90d
# Parent cb6254fd69136b0b0d8b71e75d1a7435c8433a52
libxc: Avoid overflow in xc_domain_dumpcore_via_callback().
nr_pages*PAGE_SIZE can overflow a 32-bit long.
From: Daisuke Nishimura <nishimura@xxxxxxxxxxxxxxxxx>
Signed-off-by: Keir Fraser <keir@xxxxxxxxxxxxx>
xen-unstable changeset: 16111:c19c51317eebe8e852dd4ad90ca19880397fa3b4
xen-unstable date: Mon Oct 15 12:20:43 2007 +0100
---
tools/libxc/xc_core.c | 6 +++---
1 files changed, 3 insertions(+), 3 deletions(-)
diff -r cb6254fd6913 -r f25ece9e1af4 tools/libxc/xc_core.c
--- a/tools/libxc/xc_core.c Thu Oct 18 09:59:20 2007 +0100
+++ b/tools/libxc/xc_core.c Thu Oct 18 14:40:03 2007 +0100
@@ -580,7 +580,7 @@ xc_domain_dumpcore_via_callback(int xc_h
}
if ( !auto_translated_physmap )
{
- filesz = nr_pages * sizeof(p2m_array[0]);
+ filesz = (uint64_t)nr_pages * sizeof(p2m_array[0]);
sts = xc_core_shdr_set(shdr, strtab, XEN_DUMPCORE_SEC_P2M,
SHT_PROGBITS,
offset, filesz, __alignof__(p2m_array[0]),
@@ -590,7 +590,7 @@ xc_domain_dumpcore_via_callback(int xc_h
}
else
{
- filesz = nr_pages * sizeof(pfn_array[0]);
+ filesz = (uint64_t)nr_pages * sizeof(pfn_array[0]);
sts = xc_core_shdr_set(shdr, strtab, XEN_DUMPCORE_SEC_PFN,
SHT_PROGBITS,
offset, filesz, __alignof__(pfn_array[0]),
@@ -620,7 +620,7 @@ xc_domain_dumpcore_via_callback(int xc_h
dummy_len = ROUNDUP(offset, PAGE_SHIFT) - offset; /* padding length */
offset += dummy_len;
- filesz = nr_pages * PAGE_SIZE;
+ filesz = (uint64_t)nr_pages * PAGE_SIZE;
sts = xc_core_shdr_set(shdr, strtab, XEN_DUMPCORE_SEC_PAGES, SHT_PROGBITS,
offset, filesz, PAGE_SIZE, PAGE_SIZE);
if ( sts != 0 )
_______________________________________________
Xen-changelog mailing list
Xen-changelog@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-changelog
|
| <Prev in Thread] | Current Thread | [Next in Thread> |
|---|---|---|
| ||
| Previous by Date: | [Xen-changelog] [xen-3.1-testing] xfs: eagerly remove vmap mappings to avoid upsetting Xen, Xen patchbot-3.1-testing |
|---|---|
| Next by Date: | [Xen-changelog] [xen-3.1-testing] Add fs/xfs/linux-2.6/xfs_buf.c to Linux sparse tree., Xen patchbot-3.1-testing |
| Previous by Thread: | [Xen-changelog] [xen-3.1-testing] xfs: eagerly remove vmap mappings to avoid upsetting Xen, Xen patchbot-3.1-testing |
| Next by Thread: | [Xen-changelog] [xen-3.1-testing] Add fs/xfs/linux-2.6/xfs_buf.c to Linux sparse tree., Xen patchbot-3.1-testing |
| Indexes: | [Date] [Thread] [Top] [All Lists] |
