>>> On 22.02.17 at 09:45, <[email protected]> wrote: > On Wed, 2017-02-22 at 08:40 +0000, Tian, Kevin wrote: >> > From: Sergey Dyasli [mailto:[email protected]] >> > Sent: Wednesday, February 22, 2017 4:38 PM >> > >> > > > >> > > > - for ( idx = 0; idx < *msr_count; idx++ ) >> > > > + for ( idx = 0; (*msr_area)[idx].index <= msr && idx < *msr_count; >> > > > idx++ > ) >> > > >> > > risk of out-of-boundary access. >> > >> > How exactly out-of-bounds access is possible? The original condition >> > >> > idx < *msr_count >> > >> > Is still being checked on each loop iteration. >> > >> >> Isn't "(*msr_area[idx]).index <= msr" checked before "idx < *msr_count"? >> >> So if idx==*msr_count, you first hit an out-of-boundary access... >> >> I think we should change the condition order here. >> > > You are right. I will fix this in v3.
And with that taken care of Reviewed-by: Jan Beulich <[email protected]> _______________________________________________ Xen-devel mailing list [email protected] https://lists.xen.org/xen-devel
