util/filemonitor-inotify: qemu_file_monitor_watch(): assert no overflow

Prefer clear assertions instead of [im]possible array overflow.

Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@yandex-team.ru>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Maksim Davydov <davydov-max@yandex-team.ru>
Message-id: 20231017125941.810461-3-vsementsov@yandex-team.ru
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Vladimir Sementsov-Ogievskiy 2023-11-06 15:00:27 +00:00 committed by Peter Maydell
parent 212c5fe191
commit 2e12dd405c


@ -81,16 +81,25 @@ static void qemu_file_monitor_watch(void *arg)
/* Loop over all events in the buffer */ /* Loop over all events in the buffer */
while (used < len) { while (used < len) {
struct inotify_event *ev = const char *name;
(struct inotify_event *)(buf + used); QFileMonitorDir *dir;
const char *name = ev->len ? ev->name : ""; uint32_t iev;
QFileMonitorDir *dir = g_hash_table_lookup(mon->idmap,
GINT_TO_POINTER(ev->wd));
uint32_t iev = ev->mask &
(IN_CREATE | IN_MODIFY | IN_DELETE | IN_IGNORED |
IN_MOVED_TO | IN_MOVED_FROM | IN_ATTRIB);
int qev; int qev;
gsize i; gsize i;
struct inotify_event *ev = (struct inotify_event *)(buf + used);
/*
* We trust the kenel to provide valid buffer with complete event
* records.
*/
assert(len - used >= sizeof(struct inotify_event));
assert(len - used - sizeof(struct inotify_event) >= ev->len);
name = ev->len ? ev->name : "";
dir = g_hash_table_lookup(mon->idmap, GINT_TO_POINTER(ev->wd));
iev = ev->mask &
(IN_CREATE | IN_MODIFY | IN_DELETE | IN_IGNORED |
IN_MOVED_TO | IN_MOVED_FROM | IN_ATTRIB);
used += sizeof(struct inotify_event) + ev->len; used += sizeof(struct inotify_event) + ev->len;
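Review bot: The two asserts added inside `while (used < len)` are order-dependent, and the comment above them does not say so. `len - used - sizeof(struct inotify_event)` is evaluated in unsigned arithmetic because of the `sizeof` operand, so without the first assert a short remainder would wrap to a huge value and the second check would pass; the first assert is also what makes reading `ev->len` safe. I would extend the comment with `The header-size check must come first: it keeps the unsigned subtraction below from wrapping and makes ev->len safe to read.` and fix the typo `kenel` to `kernel` while there. `len` and `used` are declared outside the hunk, so their types should be checked to confirm the first comparison behaves as intended; the loop body also continues past the hunk.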