From 353fee1349a1917e01bda8f225554e7f71939364 Mon Sep 17 00:00:00 2001 From: John Levon Date: Fri, 12 Nov 2021 14:44:11 +0000 Subject: don't assert in dev_get_caps() (#621) As clients control ->client_max_fds, we should return an error, not assert, if we can't represent a region's mmap_areas. Found via AFL++. Signed-off-by: John Levon Reviewed-by: Swapnil Ingle --- lib/libvfio-user.c | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) (limited to 'lib') diff --git a/lib/libvfio-user.c b/lib/libvfio-user.c index 3bbad42..94a3419 100644 --- a/lib/libvfio-user.c +++ b/lib/libvfio-user.c @@ -138,11 +138,12 @@ dev_get_caps(vfu_ctx_t *vfu_ctx, vfu_reg_info_t *vfu_reg, bool is_migr_reg, sparse = (struct vfio_region_info_cap_sparse_mmap*)header; } - /* - * FIXME need to figure out how to break message into smaller messages - * so that we don't exceed client_max_fds - */ - assert(nr_mmap_areas <= vfu_ctx->client_max_fds); + if (nr_mmap_areas > vfu_ctx->client_max_fds) { + vfu_log(vfu_ctx, LOG_DEBUG, "%s: region has nr_mmap_areas=%d, " + "but client only supports %d fds", __func__, + nr_mmap_areas, vfu_ctx->client_max_fds); + return ERROR_INT(ENOSPC); + } *fds = malloc(nr_mmap_areas * sizeof(int)); if (*fds == NULL) { -- cgit v1.1
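Review bot: The removed FIXME recorded that the real fix is to split the capability reply across several messages, and the new `if` at the top of the hunk drops that design note entirely, so the next reader sees an ENOSPC path with no indication that it is a known limitation rather than the intended final design; I would keep a short comment above the check, `/* TODO: split the reply into several messages instead of failing when a region has more mmap_areas than the client's negotiated max fds. */`. Since client_max_fds is, per the commit message, client-controlled, it is also worth confirming that it and nr_mmap_areas are both plain `int` as the two `%d` conversions imply — if either is unsigned or a different width, the comparison promotes silently and the vfu_log format would be undefined; both declarations are outside this hunk. Logging at LOG_DEBUG seems right for a condition any client can trigger, but the choice of ENOSPC over E2BIG/EINVAL deserves a word in that comment, because the caller is outside the hunk and it is not visible here how the errno is surfaced to the client. dev_get_caps begins before and continues past this hunk.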