fix: buffer overflow in DMA report generator

Signed-off-by: William Henderson <william.henderson@nutanix.com>
author: William Henderson <william.henderson@nutanix.com> 2023-08-17 13:30:27 +0000
committer: John Levon <john.levon@nutanix.com> 2023-09-15 12:59:39 +0100
commit: d2b23fd9a92272aa4da6a7d6bba48b5cdd3453a4 (patch)
tree: 52aaf7c6a83dabf293b21f54e03dfa7c5d844c09
parent: 8a88c5e2b257a6100a6e7c673ed1b27394d26725 (diff)
download: libvfio-user-d2b23fd9a92272aa4da6a7d6bba48b5cdd3453a4.zip
libvfio-user-d2b23fd9a92272aa4da6a7d6bba48b5cdd3453a4.tar.gz
libvfio-user-d2b23fd9a92272aa4da6a7d6bba48b5cdd3453a4.tar.bz2
1 files changed, 2 insertions, 1 deletions
diff --git a/lib/dma.c b/lib/dma.c
index 79bfd7d..ce3217d 100644
--- a/lib/dma.c
+++ b/lib/dma.c
@@ -629,7 +629,8 @@ dma_controller_dirty_page_get(dma_controller_t *dma, vfu_dma_addr_t addr,
 
     bit = 0;
 
-    for (i = 0; i < (size_t)bitmap_size; i++) {
+    for (i = 0; i < (size_t)bitmap_size &&
+         bit / 8 < (size_t)converted_bitmap_size; i++) {
         uint8_t val = region->dirty_bitmap[i];
         uint8_t *outp = (uint8_t *)&bitmap[i];
         uint8_t out = 0;
author	William Henderson <william.henderson@nutanix.com>	2023-08-17 13:30:27 +0000
committer	John Levon <john.levon@nutanix.com>	2023-09-15 12:59:39 +0100
commit	d2b23fd9a92272aa4da6a7d6bba48b5cdd3453a4 (patch)
tree	52aaf7c6a83dabf293b21f54e03dfa7c5d844c09
parent	8a88c5e2b257a6100a6e7c673ed1b27394d26725 (diff)
download	libvfio-user-d2b23fd9a92272aa4da6a7d6bba48b5cdd3453a4.zip libvfio-user-d2b23fd9a92272aa4da6a7d6bba48b5cdd3453a4.tar.gz libvfio-user-d2b23fd9a92272aa4da6a7d6bba48b5cdd3453a4.tar.bz2