When parsing BDFs for pci-attach/detach, check the return of scanf rather than operating on random devices. Signed-off-by: Jeremy Fitzhardinge <jeremy.fitzhardinge@citrix.com> diff -r 67dd34a9bb71 tools/libxl/xl_cmdimpl.c --- a/tools/libxl/xl_cmdimpl.c Thu May 27 11:59:37 2010 -0700 +++ b/tools/libxl/xl_cmdimpl.c Thu May 27 12:17:34 2010 -0700 @@ -1519,7 +1519,10 @@ find_domain(dom); memset(&pcidev, 0x00, sizeof(pcidev)); - sscanf(bdf, PCI_BDF, &domain, &bus, &dev, &func); + if (sscanf(bdf, PCI_BDF, &domain, &bus, &dev, &func) != 4) { + fprintf(stderr, "pci-detach: malformed BDF specification \"%s\"\n", bdf); + exit(2); + } libxl_device_pci_init(&pcidev, domain, bus, dev, func, 0); libxl_device_pci_remove(&ctx, domid, &pcidev); } @@ -1558,7 +1561,10 @@ find_domain(dom); memset(&pcidev, 0x00, sizeof(pcidev)); - sscanf(bdf, PCI_BDF, &domain, &bus, &dev, &func); + if (sscanf(bdf, PCI_BDF, &domain, &bus, &dev, &func) != 4) { + fprintf(stderr, "pci-attach: malformed BDF specification \"%s\"\n", bdf); + exit(2); + } libxl_device_pci_init(&pcidev, domain, bus, dev, func, 0); libxl_device_pci_add(&ctx, domid, &pcidev); } _______________________________________________ Xen-devel mailing list Xen-devel@lists.xensource.com http://lists.xensource.com/xen-devel