Lidong Chen authored
The check for poll_fds in g_assert() was incorrect. The correct assertion should check "n_poll_fds + w->num <= ARRAY_SIZE(poll_fds)" because the subsequent for-loop is doing access to poll_fds[n_poll_fds + i] where i is in [0, w->num). This could happen with a very high number of file descriptors and/or wait objects.

Signed-off-by: Lidong Chen <lidong.chen@oracle.com>
Suggested-by: Peter Maydell <peter.maydell@linaro.org>
Suggested-by: Liam Merwick <liam.merwick@oracle.com>
Reviewed-by: Liran Alon <liran.alon@oracle.com>
Reviewed-by: Darren Kenny <darren.kenny@oracle.com>
Reviewed-by: Li Qiang <liq3ea@gmail.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-Id: <ded30967982811617ce7f0222d11228130c198b7.1560806687.git.lidong.chen@oracle.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
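
The bound described in the commit message, as an added example that is not code from this commit: it shows why the assertion has to cover every index the loop touches, not just the current count. Only n_poll_fds, w->num, poll_fds and ARRAY_SIZE come from the page; MAX_FDS, struct wait_objects, the function names and the count-only check are assumptions made for illustration, since the page does not show the replaced line.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

#define ARRAY_SIZE(a) (sizeof(a) / sizeof((a)[0]))
#define MAX_FDS 8 /* constructed small capacity so the edge is easy to reach */

struct wait_objects {            /* hypothetical stand-in for the page's "w" */
    int num;
    int events[MAX_FDS];
};

static int poll_fds[MAX_FDS];

/* Assumed weaker check: bounds the current count only, not the slots added. */
static bool count_only_check(size_t n_poll_fds)
{
    return n_poll_fds <= ARRAY_SIZE(poll_fds);
}

/* n_poll_fds + w->num <= ARRAY_SIZE(poll_fds), written so the sum cannot wrap. */
static bool range_check(size_t n_poll_fds, const struct wait_objects *w)
{
    return w->num >= 0 && n_poll_fds <= ARRAY_SIZE(poll_fds) &&
           (size_t)w->num <= ARRAY_SIZE(poll_fds) - n_poll_fds;
}

/* Copies w's entries to poll_fds[n_poll_fds + i]; returns new count or -1. */
static int append_wait_objects(size_t n_poll_fds, const struct wait_objects *w)
{
    if (!range_check(n_poll_fds, w)) {
        return -1;               /* refuse instead of writing past the array */
    }
    for (int i = 0; i < w->num; i++) {
        poll_fds[n_poll_fds + i] = w->events[i];
    }
    return (int)(n_poll_fds + (size_t)w->num);
}

int main(void)
{
    struct wait_objects w = { .num = 3, .events = { 11, 12, 13 } };
    /* 6 slots used, 3 to add: last index would be 8, one past the end. */
    printf("count-only: %d, range: %d, append: %d\n",
           count_only_check(6), range_check(6, &w), append_wait_objects(6, &w));
    w.num = 2;                   /* 6 + 2 == 8 fits exactly */
    printf("append: %d\n", append_wait_objects(6, &w));
    return 0;
}
```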