author | John Levon <john.levon@nutanix.com> | 2024-03-21 16:21:39 +0000 |
---|---|---|
committer | GitHub <noreply@github.com> | 2024-03-21 16:21:39 +0000 |
commit | b646559cc90f1a1f475fc47048bbbd955e20f4a2 (patch) | |
tree | 0826af01291578e80b922e22d6651f070ee2783b /test/py/test_device_set_irqs.py | |
parent | 6f6fdc58b78aa9698c116962a470a03f4292a477 (diff) | |
correct IRQ range check (#791)
Our previous fuzzing attempts missed this incorrect range check, but
SPDK's fuzzing did catch it. Make the check using a saturating add so
that we account for overflow.
Fixes issue #790.
Reported-by: Sebastian Brzezinka <sebastian.brzezinka@intel.com>
Signed-off-by: John Levon <john.levon@nutanix.com>
Diffstat (limited to 'test/py/test_device_set_irqs.py')
-rw-r--r-- | test/py/test_device_set_irqs.py | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/test/py/test_device_set_irqs.py b/test/py/test_device_set_irqs.py
index a2a2701..a8a1bd0 100644
--- a/test/py/test_device_set_irqs.py
+++ b/test/py/test_device_set_irqs.py
@@ -133,6 +133,15 @@ def test_device_set_irqs_bad_start_count_range2():
 expect=errno.EINVAL)
 
 
+def test_device_set_irqs_bad_start_count_range3():
+ payload = vfio_irq_set(argsz=argsz, flags=VFIO_IRQ_SET_ACTION_TRIGGER |
+ VFIO_IRQ_SET_DATA_EVENTFD, index=VFU_DEV_MSIX_IRQ,
+ start=284, count=0xffffffff)
+
+ msg(ctx, client.sock, VFIO_USER_DEVICE_SET_IRQS, payload,
+ expect=errno.EINVAL)
+
+
 def test_device_set_irqs_bad_action_for_err_irq():
 payload = vfio_irq_set(argsz=argsz, flags=VFIO_IRQ_SET_ACTION_MASK |
 VFIO_IRQ_SET_DATA_NONE, index=VFU_DEV_ERR_IRQ,
|
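Review bot: The constants in `test_device_set_irqs_bad_start_count_range3` (`start=284, count=0xffffffff`) carry the whole point of the test, but nothing in the function says why they were chosen. Their sum does not fit in 32 bits and, added without saturation, wraps to 283, which is presumably below the device's MSI-X vector count and would therefore pass an unsaturated `start + count` check; the vector count is set up outside this hunk. I would add a comment above the payload such as `# start + count overflows 32 bits (wraps to 283); the range check must still reject it (issue #790)`. If the existing range1/range2 tests do not already cover it, a companion case at the exact wrap-to-zero boundary (for example `start=1, count=0xffffffff`) would keep a future refactor of the check from regressing on that edge.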