On 03/12/14 19:28, Eduardo Habkost wrote: > AcpiCpuHotplug_add() can't handle vCPU arch IDs larger than > ACPI_CPU_HOTPLUG_ID_LIMIT. Instead of corrupting memory in case the vCPU > ID is too large, use g_assert() to ensure we are not over the limit. > > Signed-off-by: Eduardo Habkost <ehabk...@redhat.com> > --- > hw/acpi/cpu_hotplug.c | 1 + > 1 file changed, 1 insertion(+) > > diff --git a/hw/acpi/cpu_hotplug.c b/hw/acpi/cpu_hotplug.c > index 48928dc..2ad83a0 100644 > --- a/hw/acpi/cpu_hotplug.c > +++ b/hw/acpi/cpu_hotplug.c > @@ -43,6 +43,7 @@ void AcpiCpuHotplug_add(ACPIGPE *gpe, AcpiCpuHotplug *g, > CPUState *cpu) > > *gpe->sts = *gpe->sts | ACPI_CPU_HOTPLUG_STATUS; > cpu_id = k->get_arch_id(CPU(cpu)); > + g_assert((cpu_id / 8) < ACPI_GPE_PROC_LEN); > g->sts[cpu_id / 8] |= (1 << (cpu_id % 8)); > } > >
Reviewed-by: Laszlo Ersek <ler...@redhat.com>
