VirtualBox

Changeset 25073 in vbox


Timestamp:
Nov 28, 2009 9:11:05 PM (15 years ago)
Author:
vboxsync
Message:

VMMDevHGCM.cpp: VBOXHGCMCMD::cbCmd isn't very helpful now that the rules of the saved state game have changed. When loading / teleporting the state on a machine where VBOXHGCMCMD or/and VBOXHGCMSVCPARM is larger (either due to it being 64-bit or because of different alignment rules (GCPhys & MSC)), we would allocate too little memory for it and end up corrupting the heap.

As a very temporary measure, I have quadrupled cbSize before passing it to RTMemAllocZ and when used in comparisons. (The value in VBOXHGCMCMD::cbCmd should not be changed in case it is saved again.)
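The failure mode described in the message (a command size recorded by the saving host being used as the allocation size on a host whose struct layout is larger) can be made concrete with a small stand-alone C sketch. This is an added example, not VirtualBox code: `SavedCmd`, `load_saved_cmd`, `scale_saved_size` and the error codes are hypothetical stand-ins for VBOXHGCMCMD and its loader, and the factor is the same 4 the changeset uses. The point it adds beyond the changeset is that a size read from saved state must be range-checked before it is multiplied, because a 32-bit product that wraps would again yield an undersized buffer.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <stdio.h>

/* Hypothetical stand-in for VBOXHGCMCMD (constructed layout, not the real one).
 * The uint64_t member forces 8-byte alignment on most 64-bit ABIs, which is the
 * kind of layout growth the changeset describes. */
typedef struct SavedCmd {
    uint32_t cbCmd;     /* size recorded by the saving host, kept verbatim */
    uint32_t enmType;   /* command type */
    uint64_t GCPhys;    /* guest physical address (alignment-sensitive) */
    uint8_t  payload[]; /* trailing variable-length part */
} SavedCmd;

/* Same temporary factor as the changeset, named differently to mark it as ours. */
#define SIZE_HACK_FACTOR 4u

enum { LOAD_OK = 0, LOAD_ERR_TOO_SMALL = 1, LOAD_ERR_OVERFLOW = 2, LOAD_ERR_NOMEM = 3 };

/* Scale a size that came from saved state; refuse if the product would wrap. */
static int scale_saved_size(uint32_t cbSaved, uint32_t factor, uint32_t *pcbOut)
{
    if (factor == 0 || cbSaved > UINT32_MAX / factor)
        return LOAD_ERR_OVERFLOW;
    *pcbOut = cbSaved * factor;
    return LOAD_OK;
}

/* Allocate a command for one saved record.
 * cbSaved   - cbCmd as written by the saving host (untrusted on teleport)
 * cbPayload - trailing payload size the loading host expects for this type */
static int load_saved_cmd(uint32_t cbSaved, uint32_t cbPayload, SavedCmd **ppCmd)
{
    *ppCmd = NULL;

    /* What this host actually needs, computed from this host's layout. */
    if (cbPayload > UINT32_MAX - (uint32_t)sizeof(SavedCmd))
        return LOAD_ERR_OVERFLOW;
    uint32_t cbNeeded = (uint32_t)sizeof(SavedCmd) + cbPayload;

    uint32_t cbAlloc;
    int rc = scale_saved_size(cbSaved, SIZE_HACK_FACTOR, &cbAlloc);
    if (rc != LOAD_OK)
        return rc;

    /* Allocating cbSaved alone could be smaller than cbNeeded on this host;
     * refusing here is what prevents the heap corruption described above. */
    if (cbAlloc < cbNeeded)
        return LOAD_ERR_TOO_SMALL;

    SavedCmd *pCmd = calloc(1, cbAlloc);
    if (!pCmd)
        return LOAD_ERR_NOMEM;
    pCmd->cbCmd = cbSaved; /* keep the original so a re-save writes the same value */
    *ppCmd = pCmd;
    return LOAD_OK;
}

/* Convenience wrapper: load, free, and report only the result code. */
static int load_rc(uint32_t cbSaved, uint32_t cbPayload)
{
    SavedCmd *pCmd;
    int rc = load_saved_cmd(cbSaved, cbPayload, &pCmd);
    free(pCmd);
    return rc;
}

int main(void)
{
    /* Constructed inputs: a 32-bit saver might have recorded 12 bytes where
     * this host needs sizeof(SavedCmd); a wrapped product is rejected outright. */
    printf("cbSaved=12   -> %d\n", load_rc(12u, 0));
    printf("cbSaved=3    -> %d\n", load_rc(3u, 0));
    printf("cbSaved=1G   -> %d\n", load_rc(0x40000000u, 0));
    return 0;
}
```

`load_rc(12, 0)` succeeds only because the factor covers the 32-bit-to-64-bit growth; `load_rc(3, 0)` still fails because 3 * 4 is below what this host's struct needs, and `load_rc(0x40000000, 0)` is rejected before any multiplication happens, which is the check the changeset's own `u32 * CMD_SIZE_HACK_FACTOR` does not perform.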

File:
1 edited

  • trunk/src/VBox/Devices/VMMDev/VMMDevHGCM.cpp

    r24076 r25073  
    8282     * This field simplifies loading of saved state.
    8383     */
     84/** @todo @bugref{4500} - Now that we require states to be portable between
     85 * systems and between 32-bit/64-bit variants of the same OS, this field no
     86 * longer simplifies loading of saved state. :-(  Needs proper fixing... */
    8487    uint32_t cbCmd;
     88/** HACK ALERT! (TEMPORARY)
     89 * Factor to muliply cbCmd by when reading it from a saved state.  */
     90#define CMD_SIZE_HACK_FACTOR    4
    8591
    8692    /* The type of the command. */
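Review bot: CMD_SIZE_HACK_FACTOR is #defined inside the struct body, between cbCmd and the type field; move the macro above the struct (or next to the other VBOXHGCMCMD definitions) so the field list stays readable, and fix "muliply" in its comment. The comment should also state why 4 was chosen, i.e. whether it is an actual bound on how much VBOXHGCMCMD plus its VBOXHGCMSVCPARM array can grow between the 32-bit and 64-bit layouts or just a generous guess, since a reader of the @bugref{4500} todo cannot tell which.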
     
    496502    uint32_t cbCmdSize = sizeof (struct VBOXHGCMCMD) + pHGCMConnect->header.header.size;
    497503
     504#ifdef CMD_SIZE_HACK_FACTOR /*HACK ALERT!*/
     505    if (pSavedCmd->cbCmd * CMD_SIZE_HACK_FACTOR < cbCmdSize)
     506#else
    498507    if (pSavedCmd->cbCmd < cbCmdSize)
     508#endif
    499509    {
    500510        logRelSavedCmdSizeMismatch ("HGCMConnect", pSavedCmd->cbCmd, cbCmdSize);
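Review bot: pSavedCmd->cbCmd * CMD_SIZE_HACK_FACTOR is a uint32_t product of a value that came from the saved state, so a cbCmd above UINT32_MAX / 4 wraps and the wrapped product can fail or pass this comparison arbitrarily; the check should reject cbCmd > UINT32_MAX / CMD_SIZE_HACK_FACTOR first, or compare in 64-bit. Keeping the #else branch means the unscaled comparison is still compiled when the macro is undefined, which is fine, but the two branches should then share one expression so they do not drift apart.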
     
    552562    uint32_t cbCmdSize = sizeof (struct VBOXHGCMCMD);
    553563
     564#ifdef CMD_SIZE_HACK_FACTOR  /*HACK ALERT!*/
     565    if (pSavedCmd->cbCmd * CMD_SIZE_HACK_FACTOR < cbCmdSize)
     566#else
    554567    if (pSavedCmd->cbCmd < cbCmdSize)
     568#endif
    555569    {
    556570        logRelSavedCmdSizeMismatch ("HGCMConnect", pSavedCmd->cbCmd, cbCmdSize);
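Review bot: this block repeats the #ifdef/#else/#endif from the HGCMConnect check verbatim; a small inline helper or macro taking (pSavedCmd->cbCmd, cbCmdSize) would keep the hack in one place and make its removal under @bugref{4500} a single edit. Also, logRelSavedCmdSizeMismatch is passed "HGCMConnect" here although cbCmdSize is just sizeof(struct VBOXHGCMCMD) with no connect header added, which suggests this is a different command type and the label is a copy/paste leftover; if so, the release log would misattribute the mismatch.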
     
    20932107
    20942108            /* Size of entire command. */
     2109/** @todo @bugref{4500} - Not portable, see other todos. */
    20952110            rc = SSMR3PutU32(pSSM, pIter->cbCmd);
    20962111            AssertRCReturn(rc, rc);
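Review bot: the todo says the value is not portable but not what the save/load contract for it now is. Since the load side keeps the unscaled value (pCmd->cbCmd = u32) and applies CMD_SIZE_HACK_FACTOR only to the allocation, say here that cbCmd must be written unscaled, so that nobody later "fixes" the save side by writing the allocated size and compounds the factor on every save/load cycle.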
     
    21622177}
    21632178
    2164 /* @thread EMT */
     2179/** @thread EMT(0) */
    21652180int vmmdevHGCMLoadState(VMMDevState *pVMMDevState, PSSMHANDLE pSSM, uint32_t uVersion)
    21662181{
     
    22222237
    22232238            /* Size of entire command. */
     2239/** @todo @bugref{4500} - Not portable, see other todos. */
    22242240            rc = SSMR3GetU32(pSSM, &u32);
    22252241            AssertRCReturn(rc, rc);
    22262242
    2227             PVBOXHGCMCMD pCmd = (PVBOXHGCMCMD)RTMemAllocZ (u32);
     2243            PVBOXHGCMCMD pCmd = (PVBOXHGCMCMD)RTMemAllocZ (u32 * CMD_SIZE_HACK_FACTOR); /*HACK ALERT!*/
    22282244            AssertReturn(pCmd, VERR_NO_MEMORY);
    22292245            pCmd->cbCmd = u32;
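Review bot: u32 comes straight from SSMR3GetU32 with no upper bound, and u32 * CMD_SIZE_HACK_FACTOR is evaluated in 32 bits, so a value above UINT32_MAX / 4 wraps to a small product and RTMemAllocZ hands back an undersized buffer, which is the same corruption this change is meant to stop; for a teleported state the value is remote input, so this matters. Reject u32 > UINT32_MAX / CMD_SIZE_HACK_FACTOR (or any u32 below sizeof(struct VBOXHGCMCMD), which can never be valid) before the multiplication, and return a failure rather than continuing with the allocation.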