mirror of https://gitee.com/openkylin/qemu.git
virtio: check vring descriptor buffer length
virtio back end uses set of buffers to facilitate I/O operations. An infinite loop unfolds in virtqueue_pop() if a buffer was of zero size. Add check to avoid it. Reported-by: Li Qiang <liqiang6-s@360.cn> Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com> Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
This commit is contained in:
parent
9a4c0e220d
commit
1e7aed7014
|
@ -458,6 +458,11 @@ static void virtqueue_map_desc(unsigned int *p_num_sg, hwaddr *addr, struct iove
|
|||
unsigned num_sg = *p_num_sg;
|
||||
assert(num_sg <= max_num_sg);
|
||||
|
||||
if (!sz) {
|
||||
error_report("virtio: zero sized buffers are not allowed");
|
||||
exit(1);
|
||||
}
|
||||
|
||||
while (sz) {
|
||||
hwaddr len = sz;
|
||||
|
||||
|
|
Loading…
Reference in New Issue