| commit | b72981b910097b31f4d0b9c111a2d2cfd9ee585b | |
| author | Daniel P. Berrange <berrange@redhat.com> | |
| Tue, 6 Sep 2016 13:56:02 +0000 (6 14:56 +0100) | ||
| committer | Paolo Bonzini <pbonzini@redhat.com> | |
| Tue, 13 Sep 2016 17:09:42 +0000 (13 19:09 +0200) | ||
| tree | fd4b43d72ea6e6c55b2083e6ed4548ceb44f85aa | treesnapshot (tar.gz zip) |
| parent | e270d00afa58c8a2903ec85db51407abc4e3269d | commitdiff |
ipmi: check return of qemu_chr_fe_write() for errors
The continue_send() method in ipmi_bmc_extern.c directly
assigns the return value of qemu_chr_fe_write() to the
variable tracking the I/O buffer offset. This ignores the
possibility that the return value could be -1 and so will
cause I/O go backwards on EAGAIN. Fortunately 'outpos' is
unsigned, so can't go negative - it will become MAX_INT
which will cause the loop to stop, and avoid an accidental
out of bounds array access.
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Message-Id: <1473170165-540-2-git-send-email-berrange@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
The continue_send() method in ipmi_bmc_extern.c directly
assigns the return value of qemu_chr_fe_write() to the
variable tracking the I/O buffer offset. This ignores the
possibility that the return value could be -1 and so will
cause I/O go backwards on EAGAIN. Fortunately 'outpos' is
unsigned, so can't go negative - it will become MAX_INT
which will cause the loop to stop, and avoid an accidental
out of bounds array access.
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Message-Id: <1473170165-540-2-git-send-email-berrange@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
| hw/ipmi/ipmi_bmc_extern.c | diffblobblamehistory |