Page MenuHomeFreeBSD
Files F150818139

D46882.id144155.diff
No OneTemporary
Actions

D46882.id144155.diff
View Options

diff --git a/usr.sbin/bhyve/pci_virtio_console.c b/usr.sbin/bhyve/pci_virtio_console.c
--- a/usr.sbin/bhyve/pci_virtio_console.c
+++ b/usr.sbin/bhyve/pci_virtio_console.c
@@ -580,11 +580,13 @@
n = vq_getchain(vq, &iov, 1, &req);
assert(n == 1);
- if (iov.iov_len < sizeof(struct pci_vtcon_control))
+ if (len > SIZE_T_MAX - sizeof(struct pci_vtcon_control))
+ goto out;
+ if (iov.iov_len < sizeof(struct pci_vtcon_control) + len)
goto out;
memcpy(iov.iov_base, ctrl, sizeof(struct pci_vtcon_control));
- if (payload != NULL && len > 0)
+ if (len > 0)
memcpy((uint8_t *)iov.iov_base +
sizeof(struct pci_vtcon_control), payload, len);

File Metadata

Mime Type
text/plain
Expires
Sun, Apr 5, 6:32 AM (13 h, 13 m)
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
30875298
Default Alt Text
D46882.id144155.diff (660 B)

Event Timeline