From d3889db071624dab72f15ce5b7c6a115336bf1f0 Mon Sep 17 00:00:00 2001
From: Peter Krempa <pkrempa@redhat.com>
Date: Wed, 27 May 2015 17:33:23 +0200
Subject: [PATCH] qemu: Refactor qemuDomainGetInfo

Since the returned structure uses "unsigned long" for memory sizes add a
few overflow checks to notify the user in case we are not able to
represent given values.
---
 src/qemu/qemu_driver.c | 42 +++++++++++++++++++++++++++---------------
 1 file changed, 27 insertions(+), 15 deletions(-)

diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
index 9671f3a45e..a4134f38e1 100644
--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
@@ -2611,9 +2611,12 @@ static int qemuDomainSendKey(virDomainPtr domain,
     return ret;
 }
 
-static int qemuDomainGetInfo(virDomainPtr dom,
-                             virDomainInfoPtr info)
+
+static int
+qemuDomainGetInfo(virDomainPtr dom,
+                  virDomainInfoPtr info)
 {
+    unsigned long long maxmem;
     virQEMUDriverPtr driver = dom->conn->privateData;
     virDomainObjPtr vm;
     int ret = -1;
@@ -2624,11 +2627,27 @@ static int qemuDomainGetInfo(virDomainPtr dom,
     if (virDomainGetInfoEnsureACL(dom->conn, vm->def) < 0)
         goto cleanup;
 
+    if (qemuDomainUpdateCurrentMemorySize(driver, vm) < 0)
+        goto cleanup;
+
+    memset(info, 0, sizeof(*info));
+
     info->state = virDomainObjGetState(vm, NULL);
 
-    if (!virDomainObjIsActive(vm)) {
-        info->cpuTime = 0;
-    } else {
+    maxmem = virDomainDefGetMemoryActual(vm->def);
+    if (VIR_ASSIGN_IS_OVERFLOW(info->maxMem, maxmem)) {
+        virReportError(VIR_ERR_OVERFLOW, "%s",
+                       _("Initial memory size too large"));
+        goto cleanup;
+    }
+
+    if (virDomainObjIsActive(vm)) {
+        if (VIR_ASSIGN_IS_OVERFLOW(info->memory, vm->def->mem.cur_balloon)) {
+            virReportError(VIR_ERR_OVERFLOW, "%s",
+                           _("Current memory size too large"));
+            goto cleanup;
+        }
+
         if (qemuGetProcessInfo(&(info->cpuTime), NULL, NULL, vm->pid, 0) < 0) {
             virReportError(VIR_ERR_OPERATION_FAILED, "%s",
                            _("cannot read cputime for domain"));
@@ -2636,18 +2655,11 @@ static int qemuDomainGetInfo(virDomainPtr dom,
         }
     }
 
-    info->maxMem = virDomainDefGetMemoryActual(vm->def);
-
-    if (virDomainObjIsActive(vm)) {
-        if (qemuDomainUpdateCurrentMemorySize(driver, vm) < 0)
-            goto cleanup;
-
-        info->memory = vm->def->mem.cur_balloon;
-    } else {
-        info->memory = 0;
+    if (VIR_ASSIGN_IS_OVERFLOW(info->nrVirtCpu, vm->def->vcpus)) {
+        virReportError(VIR_ERR_OVERFLOW, "%s", _("cpu count too large"));
+        goto cleanup;
     }
 
-    info->nrVirtCpu = vm->def->vcpus;
     ret = 0;
 
  cleanup:
-- 
2.39.5