[Qemu-devel] [PATCH 7/8] migration: fix unbounded stack for source_retur
From: |
Peter Xu |
Subject: |
[Qemu-devel] [PATCH 7/8] migration: fix unbounded stack for source_return_path_thread |
Date: |
Tue, 8 Mar 2016 15:00:45 +0800 |
Suggested-by: Paolo Bonzini <address@hidden>
CC: Juan Quintela <address@hidden>
CC: Amit Shah <address@hidden>
Signed-off-by: Peter Xu <address@hidden>
---
migration/migration.c | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/migration/migration.c b/migration/migration.c
index 0129d9f..f1a3976 100644
--- a/migration/migration.c
+++ b/migration/migration.c
@@ -1265,11 +1265,11 @@ static void migrate_handle_rp_req_pages(MigrationState
*ms, const char* rbname,
*/
static void *source_return_path_thread(void *opaque)
{
+#define __MAX_LEN (512)
MigrationState *ms = opaque;
QEMUFile *rp = ms->rp_state.from_dst_file;
uint16_t header_len, header_type;
- const int max_len = 512;
- uint8_t buf[max_len];
+ uint8_t buf[__MAX_LEN];
uint32_t tmp32, sibling_error;
ram_addr_t start = 0; /* =0 to silence warning */
size_t len = 0, expected_len;
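Review bot: The new macro `__MAX_LEN` in source_return_path_thread uses a double-underscore name, which C reserves for the implementation, so it can collide with a compiler or libc definition. The function-scoped `#define`/`#undef` pair (the `#undef` is in the last hunk) is also fragile; a file-scope constant with a descriptive name, for example `#define RP_MSG_MAX_LEN 512` (suggested name), avoids both problems and still gives `buf` a constant size. Since `buf` presumably holds payload bytes received from the destination side, a short comment such as `/* Largest return-path message payload accepted; longer headers are rejected */` would record why the bound exists. The function body continues outside this hunk.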
@@ -1292,7 +1292,7 @@ static void *source_return_path_thread(void *opaque)
if ((rp_cmd_args[header_type].len != -1 &&
header_len != rp_cmd_args[header_type].len) ||
- header_len > max_len) {
+ header_len > __MAX_LEN) {
error_report("RP: Received '%s' message (0x%04x) with"
"incorrect length %d expecting %zu",
rp_cmd_args[header_type].name, header_type, header_len,
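Review bot: The length guard compares `header_len` against the macro rather than against the buffer it protects; `header_len > sizeof(buf)` would keep the check tied to the array even if its declaration changes later. `rp_cmd_args[header_type]` is indexed with a value that appears to come from the peer, and the range check on `header_type` is not visible in this hunk, so it is worth confirming that it runs before this condition. Separately, the adjacent literals `"with"` and `"incorrect length ..."` concatenate to "withincorrect"; the first should end with a space, `"RP: Received '%s' message (0x%04x) with "`. The `error_report` call continues outside the hunk.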
@@ -1372,6 +1372,7 @@ out:
ms->rp_state.from_dst_file = NULL;
qemu_fclose(rp);
return NULL;
+#undef __MAX_LEN
}
static int open_return_path_on_source(MigrationState *ms)
--
2.4.3