[v5,03/48] ivshmem: read do not accept more than sizeof(long)

Message ID 1443812991-17356-4-git-send-email-marcandre.lureau@redhat.com
State New

Commit Message

Marc-André Lureau Oct. 2, 2015, 7:09 p.m. UTC
From: Marc-André Lureau <marcandre.lureau@redhat.com>

ivshmem_read() only reads sizeof(long) from the input buffer.  Accepting
more could lead to fifo8 abort() on 32bit systems if fifo is not empty.

A following patch will change the protocol to 64-bit little-endian
instead.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Claudio Fontana <claudio.fontana@huawei.com>
---
 hw/misc/ivshmem.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Patch

diff --git a/hw/misc/ivshmem.c b/hw/misc/ivshmem.c
index cc76989..fb53b3f 100644
--- a/hw/misc/ivshmem.c
+++ b/hw/misc/ivshmem.c
@@ -272,7 +272,7 @@  static void ivshmem_receive(void *opaque, const uint8_t *buf, int size)
 
 static int ivshmem_can_receive(void * opaque)
 {
-    return 8;
+    return sizeof(long);
 }
 
 static void ivshmem_event(void *opaque, int event)
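Review bot: In ivshmem_can_receive(), `return sizeof(long);` makes the number of bytes accepted per receive depend on the host ABI: 4 on 32-bit hosts and on LLP64 hosts, 8 on LP64 hosts. The old constant 8 was at least the same everywhere, so after this change the amount taken from the chardev for one message differs between builds. The commit message says a later patch moves the protocol to 64-bit little-endian, so this is acceptable as a stopgap against the fifo8 abort(), but the function should carry a comment saying the value must match exactly what ivshmem_read() consumes per message, so the two cannot drift apart again when the protocol changes. Once the fixed-width protocol lands, prefer `sizeof(int64_t)` here over a bare literal or `sizeof(long)`. Minor: the function returns int while sizeof yields size_t; the implicit conversion is harmless for these values but a named constant shared with the reader would avoid it.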