On 12/06/18 18:40, Andrew Cooper wrote: > On 12/06/18 09:27, Jan Beulich wrote: >>> + end = start + total; >>> + ent = locate_msr_entry(start + substart, start + subend, msr); >>> + >>> + if ( (ent == end) || (ent->index != msr) ) >>> + return -ESRCH; >>> + >>> + memmove(ent, ent + 1, sizeof(*ent) * (end - ent)); >> Aren't you running over the end of the array by 1 entry here? > ent == end is an error condition above. By this point, ent is > guaranteed to be < end.
Although on further consideration, the size parameter should be (end - ent - 1) to avoid moving the entry beyond the end of the array. ~Andrew _______________________________________________ Xen-devel mailing list Xen-devel@lists.xenproject.org https://lists.xenproject.org/mailman/listinfo/xen-devel
