From d8a08f1a18370bcad4fa99a16bdbfc63dbbd35ad Mon Sep 17 00:00:00 2001 From: John Levon Date: Wed, 24 Nov 2021 23:45:27 +0000 Subject: check ->argsz for VFIO_USER_DIRTY_PAGES (#628) We weren't checking for a too-large ->argsz for this command. Signed-off-by: John Levon Reviewed-by: Thanos Makatos
--- test/py/test_dirty_pages.py | 12 ++++++++++++ 1 file changed, 12 insertions(+) (limited to 'test')
diff --git a/test/py/test_dirty_pages.py b/test/py/test_dirty_pages.py
index a5b85dc..9baf6cd 100644
--- a/test/py/test_dirty_pages.py
+++ b/test/py/test_dirty_pages.py
@@ -182,6 +182,18 @@ def test_dirty_pages_get_bad_bitmap_size():
 msg(ctx, sock, VFIO_USER_DIRTY_PAGES, payload, expect=errno.EINVAL)
+def test_dirty_pages_get_bad_argsz():
+ dirty_pages = vfio_user_dirty_pages(argsz=SERVER_MAX_DATA_XFER_SIZE + 8,
+ flags=VFIO_IOMMU_DIRTY_PAGES_FLAG_GET_BITMAP)
+ bitmap = vfio_user_bitmap(pgsize=0x1000,
+ size=SERVER_MAX_DATA_XFER_SIZE + 8)
+ br = vfio_user_bitmap_range(iova=0x10000, size=0x10000, bitmap=bitmap)
+
+ payload = bytes(dirty_pages) + bytes(br)
+
+ msg(ctx, sock, VFIO_USER_DIRTY_PAGES, payload, expect=errno.EINVAL)
+
+
 def test_dirty_pages_get_short_reply():
 dirty_pages = vfio_user_dirty_pages(argsz=len(vfio_user_dirty_pages()),
 flags=VFIO_IOMMU_DIRTY_PAGES_FLAG_GET_BITMAP)
-- cgit v1.1
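Review bot: `test_dirty_pages_get_bad_argsz` sets both `argsz` and the bitmap `size` to `SERVER_MAX_DATA_XFER_SIZE + 8`, so the expected `EINVAL` may come from the bitmap-size validation rather than from the new `->argsz` bound. The preceding `test_dirty_pages_get_bad_bitmap_size` appears to cover that other check already. Which check fires first depends on the server code, which this test-only view does not show. Because `argsz` is client-controlled and presumably sizes the reply, the test should fail if that one check is removed: keep the bitmap `size` at a value the server accepts for this 0x10000 range and leave only `argsz` oversized, with a comment such as `# only argsz is out of range; bitmap.size is valid`. A companion case with `argsz` exactly at the limit would also pin the boundary.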