Message ID | 20210622111549.490-1-linfeng23@huawei.com (mailing list archive) |
---|---|
State | New, archived |
Series | migration: fix the memory overwriting risk in add_to_iovec |
diff --git a/migration/qemu-file.c b/migration/qemu-file.c index d6e03dbc0e..3dde1a193c 100644 --- a/migration/qemu-file.c +++ b/migration/qemu-file.c @@ -419,8 +419,10 @@ static int add_to_iovec(QEMUFile *f, const uint8_t *buf, size_t size, if (may_free) { set_bit(f->iovcnt, f->may_free); } - f->iov[f->iovcnt].iov_base = (uint8_t *)buf; - f->iov[f->iovcnt++].iov_len = size; + if (f->iovcnt < MAX_IOV_SIZE) { + f->iov[f->iovcnt].iov_base = (uint8_t *)buf; + f->iov[f->iovcnt++].iov_len = size; + } } if (f->iovcnt >= MAX_IOV_SIZE) {
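Review bot: The new `f->iovcnt < MAX_IOV_SIZE` check encloses only the two `f->iov[...]` stores; the `set_bit(f->iovcnt, f->may_free)` call in the `if (may_free)` block directly above it still runs with the same unchecked index, so the bitmap write is not guarded when `f->iovcnt` has reached `MAX_IOV_SIZE`. Move the check up so it covers the `set_bit()` call as well. There is also no else branch: when the check fails, `buf` is not queued and nothing in this hunk reports an error, so the data is silently left out of the stream, and with `may_free` set a bit is marked for a slot that was never filled. Handle that case explicitly (return an error or flush before appending) and add a comment explaining how `iovcnt` can reach the limit here given the `if (f->iovcnt >= MAX_IOV_SIZE)` test that follows.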