From 5093bee0fa8a6c9712c96653da3a79bc37a4e45d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20P=C3=B6tzsch?= Date: Fri, 26 Apr 2024 10:33:13 +0200 Subject: [PATCH] Fix vhost user assertion when sending more than one fd MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit If the client sends more than one region this assert triggers. The reason is that two fd's are 8 bytes and VHOST_MEMORY_BASELINE_NREGIONS is exactly 8. The assert is wrong because it should not test for the size of the fd array, but for the numbers of regions. Signed-off-by: Christian Pötzsch Message-Id: <20240426083313.3081272-1-christian.poetzsch@kernkonzept.com> Reviewed-by: Michael S. Tsirkin Signed-off-by: Michael S. Tsirkin --- subprojects/libvhost-user/libvhost-user.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/subprojects/libvhost-user/libvhost-user.c b/subprojects/libvhost-user/libvhost-user.c index a879149fef..8adb277d54 100644 --- a/subprojects/libvhost-user/libvhost-user.c +++ b/subprojects/libvhost-user/libvhost-user.c @@ -568,7 +568,7 @@ vu_message_read_default(VuDev *dev, int conn_fd, VhostUserMsg *vmsg) if (cmsg->cmsg_level == SOL_SOCKET && cmsg->cmsg_type == SCM_RIGHTS) { fd_size = cmsg->cmsg_len - CMSG_LEN(0); vmsg->fd_num = fd_size / sizeof(int); - assert(fd_size < VHOST_MEMORY_BASELINE_NREGIONS); + assert(vmsg->fd_num <= VHOST_MEMORY_BASELINE_NREGIONS); memcpy(vmsg->fds, CMSG_DATA(cmsg), fd_size); break; }