[CRIU] [PATCH] pagemap: verify the number of pages returned by receive_remote_pages_info

[Mike Rapoport]

CID 173076, issues/259

Signed-off-by: Mike Rapoport <rppt at linux.vnet.ibm.com>
---
 criu/pagemap.c | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/criu/pagemap.c b/criu/pagemap.c
index be13e61..64b2fa4 100644
--- a/criu/pagemap.c
+++ b/criu/pagemap.c
@@ -401,7 +401,7 @@ static int read_page_complete(int pid, unsigned long vaddr, int nr_pages, void *
 static int maybe_read_page_remote(struct page_read *pr, unsigned long vaddr,
 		int nr, void *buf, unsigned flags)
 {
-	int ret, pid;
+	int ret, pid, new_nr;
 
 	/* We always do PR_ASAP mode here (FIXME?) */
 	ret = request_remote_pages(pr->pid, vaddr, nr);
@@ -414,9 +414,12 @@ static int maybe_read_page_remote(struct page_read *pr, unsigned long vaddr,
 	 * Note, that for async remote page_read, the actual
 	 * transfer happens in the lazy-pages daemon
 	 */
-	ret = receive_remote_pages_info(&nr, &vaddr, &pid);
-	if (ret == 0)
+	ret = receive_remote_pages_info(&new_nr, &vaddr, &pid);
+	if (ret == 0) {
+		if (new_nr < 0 || new_nr > nr)
+			return -1;
 		ret = receive_remote_pages(nr * PAGE_SIZE, buf);
+	}
 
 	if (ret == 0 && pr->io_complete)
 		ret = pr->io_complete(pr, vaddr, nr);
-- 
1.9.1