File 51f9f80d-fix-copying-bitmaps.patch of Package libvirt.16761

commit 51f9f80d350e633adf479c6a9b3c55f82ca9cbd4
Author: Allen, John <John.Allen@amd.com>
Date:   Mon Apr 15 14:43:07 2019 +0000

    Handle copying bitmaps to larger data buffers
    
    If a bitmap of a shorter length than the data buffer is passed to
    virBitmapToDataBuf, it will read off the end of the bitmap and copy junk
    into the returned buffer. Add a check to only copy the length of the
    bitmap to the buffer.
    
    The problem can be observed after setting a vcpu affinity using the vcpupin
    command on a system with a large number of cores:
      # virsh vcpupin example_domain 0 0
      # virsh vcpupin example_domain 0
         VCPU   CPU Affinity
        ---------------------------
         0      0,192,197-198,202
    
    Signed-off-by: John Allen <john.allen@amd.com>

Index: libvirt-5.1.0/src/util/virbitmap.c
===================================================================
--- libvirt-5.1.0.orig/src/util/virbitmap.c
+++ libvirt-5.1.0/src/util/virbitmap.c
@@ -824,11 +824,15 @@ virBitmapToDataBuf(virBitmapPtr bitmap,
                    unsigned char *bytes,
                    size_t len)
 {
+    size_t nbytes = bitmap->map_len * (VIR_BITMAP_BITS_PER_UNIT / CHAR_BIT);
     unsigned long *l;
     size_t i, j;
 
     memset(bytes, 0, len);
 
+    /* If bitmap and buffer differ in size, only fill to the smaller length */
+    len = MIN(len, nbytes);
+
     /* htole64 is not provided by gnulib, so we do the conversion by hand */
     l = bitmap->map;
     for (i = j = 0; i < len; i++, j++) {
openSUSE Build Service is sponsored by