This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/


[Xen-changelog] [xen-unstable] xentrace: fix type of offset to avoid out

To: xen-changelog@xxxxxxxxxxxxxxxxxxx
Subject: [Xen-changelog] [xen-unstable] xentrace: fix type of offset to avoid out-of-bounds access
From: Xen patchbot-unstable <patchbot@xxxxxxx>
Date: Thu, 16 Jun 2011 11:11:50 +0100
Reply-to: xen-devel@xxxxxxxxxxxxxxxxxxx
# HG changeset patch
# User Olaf Hering <olaf@xxxxxxxxx>
# Date 1306409730 -3600
# Node ID 3057b531d905fe82dcd8e490e6616bdbbcb59063
# Parent  dd0eb070ee44835324084a343140c87c6b08265c
xentrace: fix type of offset to avoid out-of-bounds access

Update the type of the local offset variable to match the type where
this variable is stored. Also update the type of t_info_first_offset
because it also has a limited range.

Signed-off-by: Olaf Hering <olaf@xxxxxxxxx>
Acked-by: George Dunlap <george.dunlap@xxxxxxxxxxxxx>

diff -r dd0eb070ee44 -r 3057b531d905 xen/common/trace.c
--- a/xen/common/trace.c        Thu May 26 12:34:44 2011 +0100
+++ b/xen/common/trace.c        Thu May 26 12:35:30 2011 +0100
@@ -106,7 +106,7 @@
  * The t_info layout is fixed and cant be changed without breaking xentrace.
  * Initialize t_info_pages based on number of trace pages.
-static int calculate_tbuf_size(unsigned int pages, uint32_t 
+static int calculate_tbuf_size(unsigned int pages, uint16_t 
     struct t_buf dummy_size;
     typeof(dummy_size.prod) max_size;
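Review bot: the second parameter of calculate_tbuf_size() is narrowed from uint32_t to uint16_t, but the visible lines never state the bound that justifies 16 bits. A caller that passes a wider value will have it truncated silently at the call, so the comment block above the function, which already notes that the t_info layout is fixed, should also say what limits this argument and what happens if the value does not fit. If the limit comes from a structure field, the typeof() idiom already used for max_size would keep the parameter type and the field from drifting apart.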
@@ -170,8 +170,8 @@
     int i, cpu, order;
     /* Start after a fixed-size array of NR_CPUS */
     uint32_t *t_info_mfn_list;
-    uint32_t t_info_first_offset;
-    int offset;
+    uint16_t t_info_first_offset;
+    uint16_t offset;
     if ( t_info )
         return -EBUSY;
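Review bot: offset changes from int to uint16_t in the declarations, which replaces a signed value with one that wraps silently at 65536. The commit message says the type should match where the value is stored, but the arithmetic that produces offset is outside this hunk; that computation needs a range check, or the limit on pages must guarantee the result fits, so that a wrapped offset is never stored. A short comment on the declaration naming the field it mirrors would make the reason for uint16_t visible to the next reader.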
@@ -179,7 +179,7 @@
     if ( pages == 0 )
         return -EINVAL;
-    /* Calculate offset in u32 of first mfn */
+    /* Calculate offset in units of u32 of first mfn */
     t_info_first_offset = calc_tinfo_first_offset();
     pages = calculate_tbuf_size(pages, t_info_first_offset);
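Review bot: in "t_info_first_offset = calc_tinfo_first_offset();" the destination is now uint16_t, but nothing in this patch touches calc_tinfo_first_offset(), so if its return type is wider the assignment narrows implicitly. Either give calc_tinfo_first_offset() a uint16_t return type as well, or check the value before it is passed on to calculate_tbuf_size(). The reworded comment ("in units of u32") is a useful clarification and should stay.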
