vhost: fix mem_sections memory corruption
A memset() used to delete an entry in an array did not take into account the array element's size. Signed-off-by: Avi Kivity <avi@redhat.com> Acked-by: Michael S. Tsirkin <mst@redhat.com>
This commit is contained in:
parent
d743c38286
commit
637f7a6a01
|
@ -456,7 +456,7 @@ static void vhost_region_del(MemoryListener *listener,
|
||||||
== section->offset_within_address_space) {
|
== section->offset_within_address_space) {
|
||||||
--dev->n_mem_sections;
|
--dev->n_mem_sections;
|
||||||
memmove(&dev->mem_sections[i], &dev->mem_sections[i+1],
|
memmove(&dev->mem_sections[i], &dev->mem_sections[i+1],
|
||||||
dev->n_mem_sections - i);
|
(dev->n_mem_sections - i) * sizeof(*dev->mem_sections));
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
Reference in New Issue