libxc: Check there's enough memory for segments we're creating

author Keir Fraser <keir.fraser@citrix.com>

Wed, 3 Feb 2010 09:46:01 +0000 (09:46 +0000)

committer Keir Fraser <keir.fraser@citrix.com>

Wed, 3 Feb 2010 09:46:01 +0000 (09:46 +0000)
author Keir Fraser <keir.fraser@citrix.com>
Wed, 3 Feb 2010 09:46:01 +0000 (09:46 +0000)
committer Keir Fraser <keir.fraser@citrix.com>
Wed, 3 Feb 2010 09:46:01 +0000 (09:46 +0000)
diff --git a/tools/libxc/xc_dom_core.c b/tools/libxc/xc_dom_core.c

index 23c655efb37c3474a84711e759eb2def33033b9c..df8e83b6ba2265dbff3f773011d125966b503c3e 100644 (file)
--- a/tools/libxc/xc_dom_core.c
+++ b/tools/libxc/xc_dom_core.c
@@ -409,8 +409,19 @@ int xc_dom_alloc_segment(struct xc_dom_image *dom,
      }
  
      seg->vstart = start;
-    seg->vend = start + pages * page_size;
      seg->pfn = (seg->vstart - dom->parms.virt_base) / page_size;
+
+    if ( pages > dom->total_pages || /* double test avoids overflow probs */
+         pages > dom->total_pages - seg->pfn)
+    {
+        xc_dom_panic(XC_OUT_OF_MEMORY,
+                     "%s: segment %s too large (0x%"PRIpfn" > "
+                     "0x%"PRIpfn" - 0x%"PRIpfn" pages)\n",
+                     __FUNCTION__, name, pages, dom->total_pages, seg->pfn);
+        return -1;
+    }
+
+    seg->vend = start + pages * page_size;
      dom->virt_alloc_end = seg->vend;
      if (dom->allocate)
          dom->allocate(dom, dom->virt_alloc_end);
author	Keir Fraser <keir.fraser@citrix.com>
	Wed, 3 Feb 2010 09:46:01 +0000 (09:46 +0000)
committer	Keir Fraser <keir.fraser@citrix.com>
	Wed, 3 Feb 2010 09:46:01 +0000 (09:46 +0000)