diff options
author | William Henderson <william.henderson@nutanix.com> | 2023-08-17 13:30:27 +0000 |
---|---|---|
committer | John Levon <john.levon@nutanix.com> | 2023-09-15 12:59:39 +0100 |
commit | d2b23fd9a92272aa4da6a7d6bba48b5cdd3453a4 (patch) | |
tree | 52aaf7c6a83dabf293b21f54e03dfa7c5d844c09 | |
parent | 8a88c5e2b257a6100a6e7c673ed1b27394d26725 (diff) | |
download | libvfio-user-d2b23fd9a92272aa4da6a7d6bba48b5cdd3453a4.zip libvfio-user-d2b23fd9a92272aa4da6a7d6bba48b5cdd3453a4.tar.gz libvfio-user-d2b23fd9a92272aa4da6a7d6bba48b5cdd3453a4.tar.bz2 |
fix: buffer overflow in DMA report generator
Signed-off-by: William Henderson <william.henderson@nutanix.com>
-rw-r--r-- | lib/dma.c | 3 |
1 files changed, 2 insertions, 1 deletions
@@ -629,7 +629,8 @@ dma_controller_dirty_page_get(dma_controller_t *dma, vfu_dma_addr_t addr, bit = 0; - for (i = 0; i < (size_t)bitmap_size; i++) { + for (i = 0; i < (size_t)bitmap_size && + bit / 8 < (size_t)converted_bitmap_size; i++) { uint8_t val = region->dirty_bitmap[i]; uint8_t *outp = (uint8_t *)&bitmap[i]; uint8_t out = 0; |