author Peter Maydell <peter.maydell@linaro.org> 2024-07-23 16:09:27 +0100
committer Michael Tokarev <mjt@tls.msk.ru> 2024-08-28 08:37:14 +0300
commit bb16ea0a4aca1747a645e370ebb993db36f15243 (patch)
tree 4aff771918fffac8262216433f186e18d58a742c
parent 780a274406b9a074dbc8ee21ef1f02a520dea170 (diff)
util/async.c: Forbid negative min/max in aio_context_set_thread_pool_params()
aio_context_set_thread_pool_params() takes two int64_t arguments to set the minimum and maximum number of threads in the pool. We do some bounds checking on these, but we don't catch the case where the inputs are negative. This means that later in the function when we assign these inputs to the AioContext::thread_pool_min and ::thread_pool_max fields, which are of type int, the values might overflow the smaller type.

A negative number of threads is meaningless, so make aio_context_set_thread_pool_params() return an error if either min or max are negative.

Resolves: Coverity CID 1547605
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-id: 20240723150927.1396456-1-peter.maydell@linaro.org
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
(cherry picked from commit 851495571d14fe2226c52b9d423f88a4f5460836)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
-rw-r--r-- util/async.c 2
1 files changed, 1 insertions, 1 deletions
diff --git a/util/async.c b/util/async.c
index 8f90ddc304..86d2910481 100644
--- a/util/async.c
+++ b/util/async.c
@@ -758,7 +758,7 @@ void aio_context_set_thread_pool_params(AioContext *ctx, int64_t min,
int64_t max, Error **errp)
{
- if (min > max || !max || min > INT_MAX || max > INT_MAX) {
+ if (min > max || max <= 0 || min < 0 || min > INT_MAX || max > INT_MAX) {
error_setg(errp, "bad thread-pool-min/thread-pool-max values");
return;
}
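Review bot: The error_setg() message stays "bad thread-pool-min/thread-pool-max values" for all five failure conditions, so a caller that passes a negative value cannot tell which bound was rejected or what range is accepted; consider stating the valid range (0 <= min <= max, 1 <= max <= INT_MAX) in the message or in a comment above the condition. Within the condition, `min > INT_MAX` is implied by `min > max || max > INT_MAX` and could be dropped to keep the expression readable. The diffstat shows only util/async.c changed, so a test case that passes negative min and max and expects the error would be worth adding with this fix.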