authorJohn Levon <john.levon@nutanix.com>2021-11-12 14:44:11 +0000
committerGitHub <noreply@github.com>2021-11-12 14:44:11 +0000
commit353fee1349a1917e01bda8f225554e7f71939364 (patch)
treebb746205d79c8e3e5146b89fd30eac18b3e89973 /lib
parent56842967566dcf4b89514949a6e88ba89eeaf268 (diff)
don't assert in dev_get_caps() (#621)
As clients control ->client_max_fds, we should return an error, not assert, if we can't represent a region's mmap_areas. Found via AFL++. Signed-off-by: John Levon <john.levon@nutanix.com> Reviewed-by: Swapnil Ingle <swapnil.ingle@nutanix.com>
Diffstat (limited to 'lib')
-rw-r--r--lib/libvfio-user.c11
1 files changed, 6 insertions, 5 deletions
diff --git a/lib/libvfio-user.c b/lib/libvfio-user.c
index 3bbad42..94a3419 100644
--- a/lib/libvfio-user.c
+++ b/lib/libvfio-user.c
@@ -138,11 +138,12 @@ dev_get_caps(vfu_ctx_t *vfu_ctx, vfu_reg_info_t *vfu_reg, bool is_migr_reg,
sparse = (struct vfio_region_info_cap_sparse_mmap*)header;
}
- /*
- * FIXME need to figure out how to break message into smaller messages
- * so that we don't exceed client_max_fds
- */
- assert(nr_mmap_areas <= vfu_ctx->client_max_fds);
+ if (nr_mmap_areas > vfu_ctx->client_max_fds) {
+ vfu_log(vfu_ctx, LOG_DEBUG, "%s: region has nr_mmap_areas=%d, "
+ "but client only supports %d fds", __func__,
+ nr_mmap_areas, vfu_ctx->client_max_fds);
+ return ERROR_INT(ENOSPC);
+ }
*fds = malloc(nr_mmap_areas * sizeof(int));
if (*fds == NULL) {