From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from eggs.gnu.org ([2001:4830:134:3::10]:56844) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1Yrn7d-0001zb-FH for qemu-devel@nongnu.org; Mon, 11 May 2015 08:47:50 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1Yrn7c-0002Q1-Ll for qemu-devel@nongnu.org; Mon, 11 May 2015 08:47:49 -0400 Received: from mx1.redhat.com ([209.132.183.28]:40889) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1Yrn7c-0002Pr-9e for qemu-devel@nongnu.org; Mon, 11 May 2015 08:47:48 -0400 Date: Mon, 11 May 2015 14:47:43 +0200 From: "Michael S. Tsirkin" Message-ID: <1431329108-2605-11-git-send-email-mst@redhat.com> References: <1431329108-2605-1-git-send-email-mst@redhat.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <1431329108-2605-1-git-send-email-mst@redhat.com> Subject: [Qemu-devel] [PULL 10/28] monitor: check return value of qemu_find_net_clients_except() List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: qemu-devel@nongnu.org Cc: Peter Maydell , Jason Wang , Luiz Capitulino From: Jason Wang qemu_find_net_clients_except() may return a value which is greater than the size of array we provided. So we should check this value before using it, otherwise this may cause unexpected memory access. This patch fixes the net related command completion when we have a virtio-net nic with more than 255 queues. Cc: Luiz Capitulino Signed-off-by: Jason Wang Reviewed-by: Michael S. Tsirkin Signed-off-by: Michael S. Tsirkin --- monitor.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/monitor.c b/monitor.c index 9d18b7f..c902412 100644 --- a/monitor.c +++ b/monitor.c @@ -4477,7 +4477,7 @@ void set_link_completion(ReadLineState *rs, int nb_args, const char *str) count = qemu_find_net_clients_except(NULL, ncs, NET_CLIENT_OPTIONS_KIND_NONE, MAX_QUEUE_NUM); - for (i = 0; i < count; i++) { + for (i = 0; i < MIN(count, MAX_QUEUE_NUM); i++) { const char *name = ncs[i]->name; if (!strncmp(str, name, len)) { readline_add_completion(rs, name); @@ -4502,7 +4502,7 @@ void netdev_del_completion(ReadLineState *rs, int nb_args, const char *str) readline_set_completion_index(rs, len); count = qemu_find_net_clients_except(NULL, ncs, NET_CLIENT_OPTIONS_KIND_NIC, MAX_QUEUE_NUM); - for (i = 0; i < count; i++) { + for (i = 0; i < MIN(count, MAX_QUEUE_NUM); i++) { QemuOpts *opts; const char *name = ncs[i]->name; if (strncmp(str, name, len)) { @@ -4576,7 +4576,7 @@ void host_net_remove_completion(ReadLineState *rs, int nb_args, const char *str) count = qemu_find_net_clients_except(NULL, ncs, NET_CLIENT_OPTIONS_KIND_NONE, MAX_QUEUE_NUM); - for (i = 0; i < count; i++) { + for (i = 0; i < MIN(count, MAX_QUEUE_NUM); i++) { int id; char name[16]; @@ -4593,7 +4593,7 @@ void host_net_remove_completion(ReadLineState *rs, int nb_args, const char *str) count = qemu_find_net_clients_except(NULL, ncs, NET_CLIENT_OPTIONS_KIND_NIC, MAX_QUEUE_NUM); - for (i = 0; i < count; i++) { + for (i = 0; i < MIN(count, MAX_QUEUE_NUM); i++) { int id; const char *name; -- MST