diff options
author | Michael S. Tsirkin <mst@redhat.com> | 2014-11-02 18:48:32 +0200 |
---|---|---|
committer | Michael S. Tsirkin <mst@redhat.com> | 2014-11-23 12:11:29 +0200 |
commit | c409572678936d3ffa8694f5a1dae531c2212e21 (patch) | |
tree | 234bada2ba0f994940b6b96421d9e653fe925b9c | |
parent | 0e88f478508b566152c6681f4889ed9830a2c0a5 (diff) |
qemu-char: fix tcp_get_fds
tcp_get_fds API discards fds if there's more than 1 of these.
It's tricky to fix this without API changes in the generic case.
However, this API is only used by tests ATM, and tests know how
many fds they expect.
So let's not waste cycles trying to fix this properly:
simply assume at most 16 fds (tests use at most 8 now).
assert if some test tries to get more.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
-rw-r--r-- | qemu-char.c | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/qemu-char.c b/qemu-char.c index 4a76f0f805..a8b01da3ee 100644 --- a/qemu-char.c +++ b/qemu-char.c @@ -88,6 +88,7 @@ #define READ_BUF_LEN 4096 #define READ_RETRIES 10 #define CHR_MAX_FILENAME_SIZE 256 +#define TCP_MAX_FDS 16 /***********************************************************/ /* Socket address helpers */ @@ -2668,6 +2669,8 @@ static int tcp_get_msgfds(CharDriverState *chr, int *fds, int num) TCPCharDriver *s = chr->opaque; int to_copy = (s->read_msgfds_num < num) ? s->read_msgfds_num : num; + assert(num <= TCP_MAX_FDS); + if (to_copy) { int i; @@ -2762,7 +2765,7 @@ static ssize_t tcp_chr_recv(CharDriverState *chr, char *buf, size_t len) struct iovec iov[1]; union { struct cmsghdr cmsg; - char control[CMSG_SPACE(sizeof(int))]; + char control[CMSG_SPACE(sizeof(int) * TCP_MAX_FDS)]; } msg_control; int flags = 0; ssize_t ret; |