* Juan Quintela (quint...@redhat.com) wrote:
> "Dr. David Alan Gilbert" <dgilb...@redhat.com> wrote:
> > * Juan Quintela (quint...@redhat.com) wrote:
> >> "Dr. David Alan Gilbert" <dgilb...@redhat.com> wrote:
> >> > * Juan Quintela (quint...@redhat.com) wrote:
> >> > I think that needs validating to ensure that the source didn't
> >> > send us junk and cause us to overwrite after the end of block->host
> >>
> >> if (offset > block->used_length) {
> >>     error_setg(errp, "multifd: offset too long %" PRId64
> >>                " (max %" PRId64 ")",
> >>                offset, block->max_length);
> >>     return -1;
> >> }
> >> ??
> >
> > It's probably (offset + TARGET_PAGE_SIZE) that needs checking
> > but it needs doing in a wrap-safe way.
> >
>
> if ((offset + TARGET_PAGE_SIZE) < offset) {
>     error_setg(errp, "multifd: offset %" PRId64 " wraps around"
>                " with offset: %" PRId64, offset, block->max_length);
>     return -1;
> }
> if ((offset + TARGET_PAGE_SIZE) > block->used_length) {
>     error_setg(errp, "multifd: offset too long %" PRId64
>                " (max %" PRId64 ")",
>                offset, block->max_length);
>     return -1;
> }
How about:

    if (offset > (block->used_length - TARGET_PAGE_SIZE)) {
        ....
    }

(*assuming that block->used_length is always at least a TARGET_PAGE_SIZE ?)

Dave

> Sometimes I wonder how it is that we don't have
>
> ramblock_contains_range(ramblock, start, size);
>
> But well, c'est la vie.
>
> Later, Juan.

--
Dr. David Alan Gilbert / dgilb...@redhat.com / Manchester, UK
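The three checks debated above (the plain `offset > used_length` test, the wrap-around guard, and Dave's subtraction form with its "used_length is at least a page" caveat) differ only in how they handle the two edge cases: an offset close to `UINT64_MAX`, and a block shorter than a page. The following is an added example, not code from this thread or from QEMU, that writes the `ramblock_contains_range()` helper Juan wishes existed in a wrap-safe form and puts it beside the naive additive check so the failure mode is visible. The `RAMBlock` struct, `TARGET_PAGE_SIZE` value, the `ramblock_contains_range()` and `multifd_check_page_offset()` signatures, and the sample blocks are all constructed for this example.

```c
#include <inttypes.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed value; the real TARGET_PAGE_SIZE is target-specific. */
#define TARGET_PAGE_SIZE ((uint64_t)4096)

/* Hypothetical stand-in for QEMU's RAMBlock with only the fields used here. */
typedef struct {
    uint8_t *host;          /* mapping a received page would be copied into */
    uint64_t used_length;   /* bytes of host[] that are currently valid */
    uint64_t max_length;    /* bytes reserved for host[] */
} RAMBlock;

/* Constructed sample blocks: an 8-page block and one shorter than a page. */
static const RAMBlock demo_block = { NULL, 8 * TARGET_PAGE_SIZE, 8 * TARGET_PAGE_SIZE };
static const RAMBlock tiny_block = { NULL, 100, 100 };

/*
 * The additive check as first sketched in the thread. Kept only to show the
 * failure mode: for an offset near UINT64_MAX the addition wraps around and a
 * page that starts far past the end of the block is accepted.
 */
bool naive_page_in_range(const RAMBlock *block, uint64_t offset)
{
    return offset + TARGET_PAGE_SIZE <= block->used_length;
}

/*
 * Wrap-safe version of the ramblock_contains_range() helper the thread wishes
 * existed (hypothetical signature). True iff [start, start + size) lies inside
 * [0, used_length). The comparison is arranged as a subtraction that cannot
 * underflow, so no intermediate sum can wrap, and it also handles a block
 * shorter than one page (the caveat on Dave's used_length - TARGET_PAGE_SIZE form).
 */
bool ramblock_contains_range(const RAMBlock *block, uint64_t start, uint64_t size)
{
    if (start > block->used_length) {
        return false;
    }
    return size <= block->used_length - start;   /* no underflow: start <= used_length */
}

/*
 * Receive-side validation of one page offset taken from the migration stream,
 * mirroring the multifd check discussed in the thread. errbuf may be NULL.
 * Returns 0 when the page fits inside the block, -1 (with a message) otherwise.
 */
int multifd_check_page_offset(const RAMBlock *block, uint64_t offset,
                              char *errbuf, size_t errlen)
{
    if (!ramblock_contains_range(block, offset, TARGET_PAGE_SIZE)) {
        if (errbuf) {
            snprintf(errbuf, errlen,
                     "multifd: offset %" PRIu64 " + page %" PRIu64
                     " exceeds used_length %" PRIu64,
                     offset, TARGET_PAGE_SIZE, block->used_length);
        }
        return -1;
    }
    return 0;
}

int main(void)
{
    char err[128];
    uint64_t probes[] = { 0, 7 * TARGET_PAGE_SIZE, 7 * TARGET_PAGE_SIZE + 1,
                          8 * TARGET_PAGE_SIZE, UINT64_MAX - 100 };
    for (size_t i = 0; i < sizeof probes / sizeof probes[0]; i++) {
        int rc = multifd_check_page_offset(&demo_block, probes[i], err, sizeof err);
        printf("offset %20" PRIu64 ": naive=%d safe=%s\n", probes[i],
               naive_page_in_range(&demo_block, probes[i]), rc == 0 ? "ok" : err);
    }
    return 0;
}
```

The last probe is the one that matters: `naive_page_in_range()` returns true for `UINT64_MAX - 100` because the sum wraps to a small number, while `ramblock_contains_range()` rejects it without needing a separate wrap guard. Comparing `size` against `used_length - start` (after checking `start <= used_length`) is the general form of Dave's subtraction; it drops his assumption that `used_length` is at least a page, which is why `tiny_block` is rejected cleanly rather than underflowing.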