aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMichael S. Tsirkin <mst@redhat.com>2014-11-02 18:48:32 +0200
committerMichael S. Tsirkin <mst@redhat.com>2014-11-23 12:11:29 +0200
commitc409572678936d3ffa8694f5a1dae531c2212e21 (patch)
tree234bada2ba0f994940b6b96421d9e653fe925b9c
parent0e88f478508b566152c6681f4889ed9830a2c0a5 (diff)
qemu-char: fix tcp_get_fds
tcp_get_fds API discards fds if there's more than 1 of these. It's tricky to fix this without API changes in the generic case. However, this API is only used by tests ATM, and tests know how many fds they expect. So let's not waste cycles trying to fix this properly: simply assume at most 16 fds (tests use at most 8 now). assert if some test tries to get more. Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
-rw-r--r--qemu-char.c5
1 files changed, 4 insertions, 1 deletions
diff --git a/qemu-char.c b/qemu-char.c
index 4a76f0f805..a8b01da3ee 100644
--- a/qemu-char.c
+++ b/qemu-char.c
@@ -88,6 +88,7 @@
#define READ_BUF_LEN 4096
#define READ_RETRIES 10
#define CHR_MAX_FILENAME_SIZE 256
+#define TCP_MAX_FDS 16
/***********************************************************/
/* Socket address helpers */
@@ -2668,6 +2669,8 @@ static int tcp_get_msgfds(CharDriverState *chr, int *fds, int num)
TCPCharDriver *s = chr->opaque;
int to_copy = (s->read_msgfds_num < num) ? s->read_msgfds_num : num;
+ assert(num <= TCP_MAX_FDS);
+
if (to_copy) {
int i;
@@ -2762,7 +2765,7 @@ static ssize_t tcp_chr_recv(CharDriverState *chr, char *buf, size_t len)
struct iovec iov[1];
union {
struct cmsghdr cmsg;
- char control[CMSG_SPACE(sizeof(int))];
+ char control[CMSG_SPACE(sizeof(int) * TCP_MAX_FDS)];
} msg_control;
int flags = 0;
ssize_t ret;