Sophie


kvm-83-164.el5_5.30.src.rpm

From d269c41accb1ac3e3d5da32ceace006db46ef0dc Mon Sep 17 00:00:00 2001
From: Eduardo Habkost <ehabkost@redhat.com>
Date: Thu, 12 Mar 2009 15:03:37 -0300
Subject: [PATCH] Fix size of async_printable_events array

Rename MAX_ASYNC_EVENTS to MAX_ASYNC_EVENT, to reflect its real meaning,
and change the array size to MAX_ASYNC_EVENT+1.

The wrong size was causing memory corruption on the variable just after
the array.

Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Bugzilla: 489971
RH-Upstream-status: not-applicable
Acked-by: Dor Laor <dlaor@redhat.com>
Acked-by: john cooper <john.cooper@redhat.com>
Acked-by: Juan Quintela <quintela@redhat.com>
---
 qemu/console.h |    2 +-
 qemu/monitor.c |    4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/qemu/console.h b/qemu/console.h
index b33d177..034e459 100644
--- a/qemu/console.h
+++ b/qemu/console.h
@@ -194,7 +194,7 @@ extern uint8_t _translate_keycode(const int key);
 #define MIGRATION_ASYNC_EVENT 4
 #define REBOOT_ASYNC_EVENT 5
 #define VMSTOP_ASYNC_EVENT 6
-#define MAX_ASYNC_EVENTS  VMSTOP_ASYNC_EVENT
+#define MAX_ASYNC_EVENT  VMSTOP_ASYNC_EVENT
 
 /* FIXME: term_printf et al should probably go elsewhere so everything
    does not need to include console.h  */
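Review bot: the renamed macro in this hunk has no comment stating what it denotes, and the name alone ("MAX_ASYNC_EVENT") does not tell a reader whether it is the highest valid event number or the count of events, which is exactly the ambiguity that produced the undersized array in monitor.c. Suggest a one-line comment next to the define, e.g. `/* highest valid event number; array sizes need MAX_ASYNC_EVENT+1 */`, or alternatively a second define such as `#define NR_ASYNC_EVENTS (MAX_ASYNC_EVENT+1)` so callers never have to add the +1 themselves. Note also that renaming the macro rather than fixing only the array size means any other file still using MAX_ASYNC_EVENTS will now fail to compile, which is a useful way to catch stale users, but the diffstat shows only console.h and monitor.c touched, so it is worth confirming no other file in the tree references the old name.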
diff --git a/qemu/monitor.c b/qemu/monitor.c
index 131c389..a8b1159 100644
--- a/qemu/monitor.c
+++ b/qemu/monitor.c
@@ -75,7 +75,7 @@ struct term_cmd_t {
     term_cmd_t* next; 
 };
 
-int async_printable_events[MAX_ASYNC_EVENTS];
+int async_printable_events[MAX_ASYNC_EVENT+1];
 
 #define MAX_MON 4
 static CharDriverState *monitor_hd[MAX_MON];
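Review bot: the corrected size `MAX_ASYNC_EVENT+1` in this hunk is right for events numbered 0 through VMSTOP_ASYNC_EVENT (6), giving 7 entries where the old declaration gave 6, but the relationship between the array bound and the `event > MAX_ASYNC_EVENT` check in term_printf_async is still only implicit. Suggest adding a brief comment on the declaration, e.g. `/* indexed by event number 0..MAX_ASYNC_EVENT, see term_printf_async() */`, so the next edit to the event list keeps the two in step; the commit message states the previous mismatch corrupted the variable declared just after the array, which is the failure mode such a comment guards against.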
@@ -140,7 +140,7 @@ void term_printf_async(const int event, const char *fmt, ...)
     va_list ap;
     va_start(ap, fmt);
 
-    if (event > MAX_ASYNC_EVENTS)
+    if (event > MAX_ASYNC_EVENT)
         goto cleanup;
     if (!async_printable_events[event])
         goto cleanup;
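Review bot: the bounds check in this hunk only rejects values above MAX_ASYNC_EVENT, but `event` is declared `const int` in the function signature shown in the hunk header, so a negative value would still pass the check and `async_printable_events[event]` on the following line would read before the start of the array. Suggest tightening the check to `if (event < 0 || event > MAX_ASYNC_EVENT)`, or changing the parameter to an unsigned type, so the index is guaranteed to lie within the 0..MAX_ASYNC_EVENT range the array is now sized for.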
-- 
1.6.1