Re: [Qemu-devel] [PATCH 2/3] vhost: fix mem_sections memory corruption

Michael S. Tsirkin Mon, 09 Jan 2012 05:26:42 -0800

On Mon, Jan 09, 2012 at 02:04:53PM +0200, Avi Kivity wrote:
> A memset() used to delete an entry in an array did not take into account
> the array element's size.
> 
> Signed-off-by: Avi Kivity <a...@redhat.com>


Acked-by: Michael S. Tsirkin <m...@redhat.com>

> ---
>  hw/vhost.c |    2 +-
>  1 files changed, 1 insertions(+), 1 deletions(-)
> 
> diff --git a/hw/vhost.c b/hw/vhost.c
> index 541c716..d924fb0 100644
> --- a/hw/vhost.c
> +++ b/hw/vhost.c
> @@ -456,7 +456,7 @@ static void vhost_region_del(MemoryListener *listener,
>              == section->offset_within_address_space) {
>              --dev->n_mem_sections;
>              memmove(&dev->mem_sections[i], &dev->mem_sections[i+1],
> -                    dev->n_mem_sections - i);
> +                    (dev->n_mem_sections - i) * sizeof(*dev->mem_sections));
>              break;
>          }
>      }
> -- 
> 1.7.7.1
>

Re: [Qemu-devel] [PATCH 2/3] vhost: fix mem_sections memory corruption

Reply via email to