author | John Levon <john.levon@nutanix.com> | 2021-11-12 14:44:11 +0000 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-11-12 14:44:11 +0000 |
commit | 353fee1349a1917e01bda8f225554e7f71939364 (patch) | |
tree | bb746205d79c8e3e5146b89fd30eac18b3e89973 /lib | |
parent | 56842967566dcf4b89514949a6e88ba89eeaf268 (diff) | |
don't assert in dev_get_caps() (#621)
As clients control ->client_max_fds, we should return an error, not assert, if
we can't represent a region's mmap_areas.
Found via AFL++.
Signed-off-by: John Levon <john.levon@nutanix.com>
Reviewed-by: Swapnil Ingle <swapnil.ingle@nutanix.com>
Diffstat (limited to 'lib')
-rw-r--r-- | lib/libvfio-user.c | 11 |
1 files changed, 6 insertions, 5 deletions
diff --git a/lib/libvfio-user.c b/lib/libvfio-user.c
index 3bbad42..94a3419 100644
--- a/lib/libvfio-user.c
+++ b/lib/libvfio-user.c
@@ -138,11 +138,12 @@ dev_get_caps(vfu_ctx_t *vfu_ctx, vfu_reg_info_t *vfu_reg, bool is_migr_reg,
 sparse = (struct vfio_region_info_cap_sparse_mmap*)header;
 }
 
- /*
- * FIXME need to figure out how to break message into smaller messages
- * so that we don't exceed client_max_fds
- */
- assert(nr_mmap_areas <= vfu_ctx->client_max_fds);
+ if (nr_mmap_areas > vfu_ctx->client_max_fds) {
+ vfu_log(vfu_ctx, LOG_DEBUG, "%s: region has nr_mmap_areas=%d, "
+ "but client only supports %d fds", __func__,
+ nr_mmap_areas, vfu_ctx->client_max_fds);
+ return ERROR_INT(ENOSPC);
+ }
 
 *fds = malloc(nr_mmap_areas * sizeof(int));
 if (*fds == NULL) { |
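Review bot: The new `if (nr_mmap_areas > vfu_ctx->client_max_fds)` branch silently drops the information the removed FIXME carried, namely that the long-term fix is to split the reply rather than reject the region, so the limitation now reads as intended behavior. I would keep a short comment on the branch, e.g. `/* client_max_fds is client-supplied; a region with more mmap areas than the client can receive fds for cannot be described in a single reply (no message splitting yet), so fail rather than trust the count. */`. Since the description says the limit is under client control, it may also be worth logging this at a higher level than LOG_DEBUG, as a client that advertises very few fds turns every sparse-mmap region lookup into an ENOSPC failure that is otherwise invisible in default logs; whether nr_mmap_areas is guaranteed non-negative before this comparison is not visible in the hunk, so confirm it against the parsing code above. dev_get_caps starts and ends outside this hunk.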