Stefano Stabellini
2011-Feb-01 16:40 UTC
[Xen-devel] [PATCH] libxl: fix unsafe subtraction in libxl_set_memory_target
The current libxl_set_memory_target function subtracts a negative amount from an uint32_t variable without checking if the operation wraps around. This patch fixes this bug (that I previously believed to be an hypervisor issue): http://bugzilla.xensource.com/bugzilla/show_bug.cgi?id=1729 Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com> diff -r a69965e61ae9 tools/libxl/libxl.c --- a/tools/libxl/libxl.c Mon Jan 31 17:47:24 2011 +0000 +++ b/tools/libxl/libxl.c Tue Feb 01 16:34:43 2011 +0000 @@ -2059,9 +2059,12 @@ retry_transaction: goto out; } - if (relative) - new_target_memkb = current_target_memkb + target_memkb; - else + if (relative) { + if (target_memkb < 0 && abs(target_memkb) > current_target_memkb) + new_target_memkb = 0; + else + new_target_memkb = current_target_memkb + target_memkb; + } else new_target_memkb = target_memkb; if (new_target_memkb > memorykb) { LIBXL__LOG(ctx, LIBXL__LOG_ERROR, _______________________________________________ Xen-devel mailing list Xen-devel@lists.xensource.com http://lists.xensource.com/xen-devel
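Review bot: the new guard `abs(target_memkb) > current_target_memkb` in the relative branch still leaves an edge case, because abs() is undefined for the most negative int value. A relative request of INT_MIN would therefore not be reliably caught (this assumes target_memkb is a plain signed 32-bit int; its declaration is not visible in this hunk). Doing the arithmetic in a wider signed type, for example testing `(int64_t)current_target_memkb + target_memkb < 0`, removes the need for abs(). The same widened sum can also cover the positive direction, where `current_target_memkb + target_memkb` can still wrap past the uint32_t maximum before the later `new_target_memkb > memorykb` test sees it. Separately, the clamp silently turns an out-of-range relative request into a target of 0; consider emitting a LIBXL__LOG message on that path, as the `new_target_memkb > memorykb` branch below it does, so the caller can tell the request was not honoured as given.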
Ian Jackson
2011-Feb-01 19:25 UTC
Re: [Xen-devel] [PATCH] libxl: fix unsafe subtraction in libxl_set_memory_target
Stefano Stabellini writes ("[Xen-devel] [PATCH] libxl: fix unsafe subtraction in libxl_set_memory_target"):
> The current libxl_set_memory_target function subtracts a negative amount
> from an uint32_t variable without checking if the operation wraps
> around.
>
> This patch fixes this bug (that I previously believed to be an
> hypervisor issue):
> http://bugzilla.xensource.com/bugzilla/show_bug.cgi?id=1729

Applied, thanks.

Ian.