From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from eggs.gnu.org ([2001:4830:134:3::10]:60712) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1WOXrw-0003H3-Ax for qemu-devel@nongnu.org; Fri, 14 Mar 2014 15:34:19 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1WOXrp-0005FQ-7i for qemu-devel@nongnu.org; Fri, 14 Mar 2014 15:34:12 -0400 Received: from mx1.redhat.com ([209.132.183.28]:23028) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1WOXro-0005FE-W9 for qemu-devel@nongnu.org; Fri, 14 Mar 2014 15:34:05 -0400 From: Eduardo Habkost Date: Fri, 14 Mar 2014 16:33:52 -0300 Message-Id: <1394825636-8866-4-git-send-email-ehabkost@redhat.com> In-Reply-To: <1394825636-8866-1-git-send-email-ehabkost@redhat.com> References: <1394825636-8866-1-git-send-email-ehabkost@redhat.com> Subject: [Qemu-devel] [PATCH v4 3/7] acpi: Assert sts array limit on AcpiCpuHotplug_add() List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: qemu-devel@nongnu.org Cc: Igor Mammedov , Laszlo Ersek , =?UTF-8?q?Andreas=20F=C3=A4rber?= , "Michael S. Tsirkin" AcpiCpuHotplug_add() can't handle vCPU arch IDs larger than ACPI_CPU_HOTPLUG_ID_LIMIT. Instead of corrupting memory in case the vCPU ID is too large, use g_assert() to ensure we are not over the limit. Signed-off-by: Eduardo Habkost Reviewed-by: Laszlo Ersek --- hw/acpi/cpu_hotplug.c | 1 + 1 file changed, 1 insertion(+) diff --git a/hw/acpi/cpu_hotplug.c b/hw/acpi/cpu_hotplug.c index 48928dc..2ad83a0 100644 --- a/hw/acpi/cpu_hotplug.c +++ b/hw/acpi/cpu_hotplug.c @@ -43,6 +43,7 @@ void AcpiCpuHotplug_add(ACPIGPE *gpe, AcpiCpuHotplug *g, CPUState *cpu) *gpe->sts = *gpe->sts | ACPI_CPU_HOTPLUG_STATUS; cpu_id = k->get_arch_id(CPU(cpu)); + g_assert((cpu_id / 8) < ACPI_GPE_PROC_LEN); g->sts[cpu_id / 8] |= (1 << (cpu_id % 8)); } -- 1.8.5.3
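Review bot: the added g_assert((cpu_id / 8) < ACPI_GPE_PROC_LEN) in AcpiCpuHotplug_add() bounds the index by ACPI_GPE_PROC_LEN, while the commit message states the limit as ACPI_CPU_HOTPLUG_ID_LIMIT, and nothing in the hunk shows how the two constants relate or that g->sts actually has ACPI_GPE_PROC_LEN entries. Either assert on cpu_id against ACPI_CPU_HOTPLUG_ID_LIMIT directly, or add a short comment (or a build-time check) tying the limit to the array length so the two cannot drift apart. Two further points on the same line: the declaration of cpu_id is outside the hunk, and if it is a signed type a negative value would pass this comparison and still index before the array, so the check needs an unsigned type or an explicit lower bound; and since the function returns void, the assert converts the out-of-bounds write into a process abort, so it is worth confirming that the caller validates the ID before this point, leaving the assert as a last line of defence rather than the only check a hot-add request meets.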