From: Keir Fraser <keir@xensource.com>
Date: Mon, 15 Oct 2007 11:20:43 +0000 (+0100)
Subject: libxc: Avoid overflow in xc_domain_dumpcore_via_callback().
X-Git-Tag: archive/raspbian/4.8.0-1+rpi1~1^2~14847^2~44
X-Git-Url: https://dgit.raspbian.org/%22http://www.example.com/cgi/%22/%22http:/www.example.com/cgi/%22?a=commitdiff_plain;h=ac2a30fcffa1776ef4e4d43fe00ef450a0b09f4c;p=xen.git

libxc: Avoid overflow in xc_domain_dumpcore_via_callback().
nr_pages*PAGE_SIZE can overflow a 32-bit long.
From: Daisuke Nishimura <nishimura@mxp.nes.nec.co.jp>
Signed-off-by: Keir Fraser <keir@xensource.com>
---

diff --git a/tools/libxc/xc_core.c b/tools/libxc/xc_core.c
index defe8ca5dd..a939e95c75 100644
--- a/tools/libxc/xc_core.c
+++ b/tools/libxc/xc_core.c
@@ -628,7 +628,7 @@ xc_domain_dumpcore_via_callback(int xc_handle,
         PERROR("could not get section headers for .xen_pages");
         goto out;
     }
-    filesz = nr_pages * PAGE_SIZE;
+    filesz = (uint64_t)nr_pages * PAGE_SIZE;
     sts = xc_core_shdr_set(shdr, strtab, XEN_DUMPCORE_SEC_PAGES, SHT_PROGBITS,
                            offset, filesz, PAGE_SIZE, PAGE_SIZE);
     if ( sts != 0 )
@@ -644,7 +644,7 @@ xc_domain_dumpcore_via_callback(int xc_handle,
     }
     if ( !auto_translated_physmap )
     {
-        filesz = nr_pages * sizeof(p2m_array[0]);
+        filesz = (uint64_t)nr_pages * sizeof(p2m_array[0]);
         sts = xc_core_shdr_set(shdr, strtab, XEN_DUMPCORE_SEC_P2M,
                                SHT_PROGBITS,
                                offset, filesz, __alignof__(p2m_array[0]),
@@ -652,7 +652,7 @@ xc_domain_dumpcore_via_callback(int xc_handle,
     }
     else
     {
-        filesz = nr_pages * sizeof(pfn_array[0]);
+        filesz = (uint64_t)nr_pages * sizeof(pfn_array[0]);
         sts = xc_core_shdr_set(shdr, strtab, XEN_DUMPCORE_SEC_PFN,
                                SHT_PROGBITS,
                                offset, filesz, __alignof__(pfn_array[0]),