Without this check, QEMU will corrupt memory if a too-large nodeid is
provided in the command-line. e.g.:

    -numa node,mem=...,cpus=...,nodeid=65

This changes nodenr to unsigned long long, to avoid integer conversion
issues when converting the strtoull() result to int.

Signed-off-by: Eduardo Habkost <[email protected]>
Reviewed-by: Eric Blake <[email protected]>
Signed-off-by: Anthony Liguori <[email protected]>
char option[128];
char *endptr;
unsigned long long value, endvalue;
- int nodenr;
+ unsigned long long nodenr;
value = endvalue = 0ULL;
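Review bot: The new declaration `unsigned long long nodenr;` deserves a short comment saying that the width and signedness are deliberate. strtoull() accepts a leading minus sign and returns the negated value as an unsigned quantity, so an input such as nodeid=-1 only reaches the range check as a large positive number because nodenr is unsigned and wide enough to hold the full result. If someone later narrows this back to int, the value is truncated or goes negative, the `>= MAX_NODES` comparison can pass, and node_mem[nodenr] is indexed out of bounds again.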
nodenr = strtoull(option, NULL, 10);
}
+ if (nodenr >= MAX_NODES) {
+ fprintf(stderr, "qemu: invalid NUMA nodeid: %llu\n", nodenr);
+ exit(1);
+ }
+
if (get_param_value(option, 128, "mem", optarg) == 0) {
node_mem[nodenr] = 0;
} else {
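Review bot: The range check at `if (nodenr >= MAX_NODES)` is only as good as the parse that feeds it, and `nodenr = strtoull(option, NULL, 10);` passes NULL for the end pointer, so nodeid=abc or an empty nodeid is silently treated as node 0 and nodeid=3x as node 3. An `endptr` is already declared in this function; passing `&endptr` here and rejecting the option when `endptr == option` or `*endptr != '\0'` would turn those cases into the same "invalid NUMA nodeid" error instead of configuring an unintended node. The overflow case is already covered, since strtoull() returns ULLONG_MAX on ERANGE and that fails the new comparison. It would also help to print the allowed range (0 to MAX_NODES - 1) in the error message so the user knows the limit.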