aboutsummaryrefslogtreecommitdiff
path: root/util/hbitmap.c
diff options
context:
space:
mode:
authorPaolo Bonzini <pbonzini@redhat.com>2013-01-22 15:01:12 +0100
committerKevin Wolf <kwolf@redhat.com>2013-01-25 18:18:35 +0100
commit1b0952445522af73b0e78420a9078b3653923703 (patch)
treeb736c93c1884f518c567d4ff3bd7dc9199ec4948 /util/hbitmap.c
parent88ff0e48eedd679a9dc1122676d8aa29f8d07571 (diff)
downloadqemu-1b0952445522af73b0e78420a9078b3653923703.zip
qemu-1b0952445522af73b0e78420a9078b3653923703.tar.gz
qemu-1b0952445522af73b0e78420a9078b3653923703.tar.bz2
hbitmap: add assertion on hbitmap_iter_init
hbitmap_iter_init causes an out-of-bounds access when the "first" argument is or greater than or equal to the size of the bitmap. Forbid this with an assertion, and remove the failing testcase. Reported-by: Kevin Wolf <kwolf@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Reviewed-by: Laszlo Ersek <lersek@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Diffstat (limited to 'util/hbitmap.c')
-rw-r--r--util/hbitmap.c1
1 files changed, 1 insertions, 0 deletions
diff --git a/util/hbitmap.c b/util/hbitmap.c
index fb7e01e..2aa487d 100644
--- a/util/hbitmap.c
+++ b/util/hbitmap.c
@@ -147,6 +147,7 @@ void hbitmap_iter_init(HBitmapIter *hbi, const HBitmap *hb, uint64_t first)
hbi->hb = hb;
pos = first >> hb->granularity;
+ assert(pos < hb->size);
hbi->pos = pos >> BITS_PER_LEVEL;
hbi->granularity = hb->granularity;