ivshmem-client: check the number of vectors

Check the number of vectors received from the server, to avoid out of bound array access. Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: Claudio Fontana <claudio.fontana@huawei.com>
author: Marc-André Lureau <marcandre.lureau@redhat.com> 2015-06-23 16:41:58 +0200
committer: Marc-André Lureau <marcandre.lureau@redhat.com> 2015-10-24 18:03:16 +0200
commit: 95204aa951ceb28eb6d4ce43bce09a58cbad83d8 (patch)
tree: 676d10fcac8d65ba893b2e78088f7c57a72e5f0f /contrib/ivshmem-client/ivshmem-client.c
parent: a75eb03b9fca3af291ec2c433ddda06121ae927d (diff)
download: focaccia-qemu-95204aa951ceb28eb6d4ce43bce09a58cbad83d8.tar.gz
focaccia-qemu-95204aa951ceb28eb6d4ce43bce09a58cbad83d8.zip
1 files changed, 5 insertions, 0 deletions
diff --git a/contrib/ivshmem-client/ivshmem-client.c b/contrib/ivshmem-client/ivshmem-client.c
index fcc0930eb6..bfaf584ba7 100644
--- a/contrib/ivshmem-client/ivshmem-client.c
+++ b/contrib/ivshmem-client/ivshmem-client.c
@@ -128,6 +128,11 @@ ivshmem_client_handle_server_msg(IvshmemClient *client)
     /* new vector */
     IVSHMEM_CLIENT_DEBUG(client, "  new vector %d (fd=%d) for peer id %ld\n",
                          peer->vectors_count, fd, peer->id);
+    if (peer->vectors_count >= G_N_ELEMENTS(peer->vectors)) {
+        IVSHMEM_CLIENT_DEBUG(client, "Too many vectors received, failing");
+        return -1;
+    }
+
     peer->vectors[peer->vectors_count] = fd;
     peer->vectors_count++;
author	Marc-André Lureau <marcandre.lureau@redhat.com>	2015-06-23 16:41:58 +0200
committer	Marc-André Lureau <marcandre.lureau@redhat.com>	2015-10-24 18:03:16 +0200
commit	95204aa951ceb28eb6d4ce43bce09a58cbad83d8 (patch)
tree	676d10fcac8d65ba893b2e78088f7c57a72e5f0f /contrib/ivshmem-client/ivshmem-client.c
parent	a75eb03b9fca3af291ec2c433ddda06121ae927d (diff)
download	focaccia-qemu-95204aa951ceb28eb6d4ce43bce09a58cbad83d8.tar.gz focaccia-qemu-95204aa951ceb28eb6d4ce43bce09a58cbad83d8.zip