libxc: don't pass uninitialized data to do_dm_op()

Commit Message

Jan Beulich Feb. 16, 2017, 3:44 p.m. UTC

do_dm_op() expects (void *, size_t) pairs, but with nr being uint32_t
the type of the expression of xc_hvm_track_dirty_vram()'s last argument
to the function is only a 32 bits one. Neither C nor the ABI require
the compiler to promote the type beyond int.

Signed-off-by: Jan Beulich <jbeulich@suse.com>
libxc: don't pass uninitialized data to do_dm_op()

do_dm_op() expects (void *, size_t) pairs, but with nr being uint32_t
the type of the expression of xc_hvm_track_dirty_vram()'s last argument
to the function is only a 32 bits one. Neither C nor the ABI require
the compiler to promote the type beyond int.

Signed-off-by: Jan Beulich <jbeulich@suse.com>

--- a/tools/libxc/xc_misc.c
+++ b/tools/libxc/xc_misc.c
@@ -609,7 +609,7 @@ int xc_hvm_track_dirty_vram(
     data->nr = nr;
 
     return do_dm_op(xch, dom, 2, &op, sizeof(op),
-                    dirty_bitmap, (nr + 7) / 8);
+                    dirty_bitmap, (size_t)((nr + 7) / 8));
 }
 
 int xc_hvm_modified_memory(

Comments

Wei Liu Feb. 20, 2017, 12:27 p.m. UTC | #1

On Thu, Feb 16, 2017 at 08:44:08AM -0700, Jan Beulich wrote:
> do_dm_op() expects (void *, size_t) pairs, but with nr being uint32_t
> the type of the expression of xc_hvm_track_dirty_vram()'s last argument
> to the function is only a 32 bits one. Neither C nor the ABI require
> the compiler to promote the type beyond int.
> 
> Signed-off-by: Jan Beulich <jbeulich@suse.com>

Acked-by: Wei Liu <wei.liu2@citrix.com>

Patch

--- a/tools/libxc/xc_misc.c
+++ b/tools/libxc/xc_misc.c
@@ -609,7 +609,7 @@  int xc_hvm_track_dirty_vram(
     data->nr = nr;
 
     return do_dm_op(xch, dom, 2, &op, sizeof(op),
-                    dirty_bitmap, (nr + 7) / 8);
+                    dirty_bitmap, (size_t)((nr + 7) / 8));
 }
 
 int xc_hvm_modified_memory(