"Dr. David Alan Gilbert" <dgilb...@redhat.com> wrote:
> * Juan Quintela (quint...@redhat.com) wrote:
>> "Dr. David Alan Gilbert" <dgilb...@redhat.com> wrote:
>> > * Juan Quintela (quint...@redhat.com) wrote:
>> > I think that needs validating to ensure that the source didn't
>> > send us junk and cause us to overwrite after the end of block->host
>> 
>>         if (offset > block->used_length) {
>>             error_setg(errp, "multifd: offset too long %" PRId64
>>                        " (max %" PRId64 ")",
>>                        offset, block->max_length);
>>             return -1;
>>         }
>> ??
>
> It's probably  (offset + TARGET_PAGE_SIZE) that needs checking
> but it needs doing in a wrap-safe way.
>

        if ((offset + TARGET_PAGE_SIZE) < offset) {
            error_setg(errp, "multifd: offset %" PRId64 " wraps around",
                       offset);
            return -1;
        }
        if ((offset + TARGET_PAGE_SIZE) > block->used_length) {
            error_setg(errp, "multifd: offset too long %" PRId64
                       " (max %" PRId64 ")",
                       offset, block->used_length);
            return -1;
        }

Sometimes I wonder how is that we don't have

ramblock_contains_range(ramblock, start, size);

But well, c'est la vie.

Later, Juan.
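The helper the message wishes for, written out as an added example that is not QEMU's code and not part of the original thread. The `RAMBlock` stand-in (only `used_length` and `max_length`), the `PAGE_SIZE` macro standing in for `TARGET_PAGE_SIZE`, the function names `ramblock_contains_range`, `naive_contains_range` and `check_page_offset`, and the sample block and offsets are all assumptions made for this example. It shows the wrap-around that the naive `start + size <= used_length` test misses, a subtraction-based check that cannot wrap, and the two-step test from the message (wrap check, then bound check) so the two approaches can be compared on the same inputs.

```c
/*
 * Added example: wrap-safe range containment for a RAMBlock-like object.
 * Not QEMU code. RAMBlock, PAGE_SIZE, the helper names and the sample
 * values below are assumptions made for this stand-alone demonstration.
 */
#include <inttypes.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define PAGE_SIZE 4096u   /* stands in for TARGET_PAGE_SIZE (assumption) */

/* Minimal stand-in for the RAMBlock fields that matter for this check. */
typedef struct {
    uint64_t used_length;   /* bytes that are actually in use and writable */
    uint64_t max_length;    /* allocated size; may be larger than used_length */
} RAMBlock;

/* Constructed sample block: 1 MiB in use out of 2 MiB allocated. */
const RAMBlock sample_block = { .used_length = 1u << 20, .max_length = 2u << 20 };

/*
 * For contrast only: start + size can wrap past UINT64_MAX, so a huge
 * start looks like a small end address and the check passes.
 */
bool naive_contains_range(const RAMBlock *block, uint64_t start, uint64_t size)
{
    return start + size <= block->used_length;
}

/*
 * True iff [start, start + size) lies entirely within [0, used_length).
 * The bound is tested as size <= used_length - start, which is an
 * unsigned subtraction that cannot wrap once start < used_length holds,
 * so no addition on attacker-controlled values is performed at all.
 */
bool ramblock_contains_range(const RAMBlock *block, uint64_t start, uint64_t size)
{
    if (start >= block->used_length) {
        return false;               /* start itself is already out of bounds */
    }
    return size <= block->used_length - start;
}

/*
 * The two-step test from the message (explicit wrap check, then bound
 * check), returning 0 on success and -1 on error. errp is replaced by an
 * optional string describing the rejection so the example runs stand-alone.
 */
int check_page_offset(const RAMBlock *block, uint64_t offset, const char **reason)
{
    if (offset + PAGE_SIZE < offset) {
        if (reason) *reason = "offset wraps around";
        return -1;
    }
    if (offset + PAGE_SIZE > block->used_length) {
        if (reason) *reason = "offset too long";
        return -1;
    }
    if (reason) *reason = "ok";
    return 0;
}

int main(void)
{
    /* Constructed offsets: in range, last valid page, one byte past, wrap. */
    const uint64_t offsets[] = {
        0,
        sample_block.used_length - PAGE_SIZE,
        sample_block.used_length - PAGE_SIZE + 1,
        UINT64_MAX - 100,
    };
    for (size_t i = 0; i < sizeof offsets / sizeof offsets[0]; i++) {
        const char *reason;
        int rc = check_page_offset(&sample_block, offsets[i], &reason);
        printf("offset %#" PRIx64 ": naive=%d safe=%d two-step=%d (%s)\n",
               offsets[i],
               naive_contains_range(&sample_block, offsets[i], PAGE_SIZE),
               ramblock_contains_range(&sample_block, offsets[i], PAGE_SIZE),
               rc, reason);
    }
    return 0;
}
```

The last sample offset is the interesting one: `UINT64_MAX - 100 + 4096` wraps to a small number, so the naive test accepts it while both the subtraction-based helper and the two-step test reject it. The subtraction form is the one to prefer for a general `contains_range(start, size)` helper because it needs no separate wrap branch and works for any `size`, not just one page.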
