diff options
| author | John Levon <john.levon@nutanix.com> | 2023-10-02 14:06:38 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2023-10-02 14:06:38 +0100 |
| commit | 8d38e8c57923f736ffc8215b7b237c76d240e3b4 (patch) | |
| tree | fda7ef5d3223c51c391bd6b14915476a90de4416 /lib | |
| parent | 7da33b5aaef3e1bafe530138451e53cda541a504 (diff) | |
| download | libvfio-user-8d38e8c57923f736ffc8215b7b237c76d240e3b4.zip libvfio-user-8d38e8c57923f736ffc8215b7b237c76d240e3b4.tar.gz libvfio-user-8d38e8c57923f736ffc8215b7b237c76d240e3b4.tar.bz2 | |
fix VFIO_USER_DEVICE_GET_REGION_IO_FDS allocation (#785)
clang-tidy static analysis identified a zero-sized allocation in the
case that no ioregionfds had been configured. Fix this issue and add a
test for it.
Signed-off-by: John Levon <john.levon@nutanix.com>
Reviewed-by: Thanos Makatos <thanos.makatos@nutanix.com>
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/libvfio-user.c | 13 |
1 files changed, 9 insertions, 4 deletions
diff --git a/lib/libvfio-user.c b/lib/libvfio-user.c index 47ae522..7f4d4ec 100644 --- a/lib/libvfio-user.c +++ b/lib/libvfio-user.c @@ -622,7 +622,8 @@ handle_device_get_region_io_fds(vfu_ctx_t *vfu_ctx, vfu_msg_t *msg) sizeof(vfio_user_sub_region_ioeventfd_t); msg->out.nr_fds = 0; - if (req->argsz >= reply->argsz) { + + if (max_sent_sub_regions > 0 && req->argsz >= reply->argsz) { msg->out.fds = calloc(sizeof(int), max_sent_sub_regions + nr_shadow_reg); if (msg->out.fds == NULL) { @@ -630,18 +631,22 @@ handle_device_get_region_io_fds(vfu_ctx_t *vfu_ctx, vfu_msg_t *msg) } sub_reg = LIST_FIRST(&vfu_reg->subregions); + for (i = 0; i < max_sent_sub_regions; i++) { + int fdi; ioefd = &reply->sub_regions[i].ioeventfd; ioefd->gpa_offset = sub_reg->gpa_offset; ioefd->size = sub_reg->size; - ioefd->fd_index = add_fd_index(msg->out.fds, &msg->out.nr_fds, - sub_reg->fd); + fdi = add_fd_index(msg->out.fds, &msg->out.nr_fds, sub_reg->fd); + ioefd->fd_index = fdi; if (sub_reg->shadow_fd == -1) { ioefd->type = VFIO_USER_IO_FD_TYPE_IOEVENTFD; } else { ioefd->type = VFIO_USER_IO_FD_TYPE_IOEVENTFD_SHADOW; - ioefd->shadow_mem_fd_index = add_fd_index(msg->out.fds, &msg->out.nr_fds, sub_reg->shadow_fd); + fdi = add_fd_index(msg->out.fds, &msg->out.nr_fds, + sub_reg->shadow_fd); + ioefd->shadow_mem_fd_index = fdi; } ioefd->flags = sub_reg->flags; ioefd->datamatch = sub_reg->datamatch; |