|
From: | Zhijian Li (Fujitsu) |
Subject: | Re: [PATCH 04/52] migration/rdma: Drop fragile wr_id formatting |
Date: | Thu, 21 Sep 2023 08:54:50 +0000 |
User-agent: | Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.11.0 |
On 18/09/2023 22:41, Markus Armbruster wrote: > wrid_desc[] uses 4001 pointers to map four integer values to strings. > > print_wrid() accesses wrid_desc[] out of bounds when passed a negative > argument. It returns null for values 2..1999 and 2001..3999. > > qemu_rdma_poll() and qemu_rdma_block_for_wrid() print wrid_desc[wr_id] > and passes print_wrid(wr_id) to tracepoints. Could conceivably crash > trying to format a null string. I believe access out of bounds is not > possible. > > Not worth cleaning up. Dumb down to show just numeric wr_id. Yeah, a numeric wr_id is enough > > Signed-off-by: Markus Armbruster<armbru@redhat.com> Reviewed-by: Li Zhijian <lizhijian@fujitsu.com>
[Prev in Thread] | Current Thread | [Next in Thread] |