ivshmem-server: fix possible OVERRUN

>>>     CID 1337991:  Memory - illegal accesses  (OVERRUN)
>>>     Decrementing "i". The value of "i" is now 65534.
218         while (i--) {
219             event_notifier_cleanup(&peer->vectors[i]);
220         }

Signed-off-by: Gonglei <arei.gonglei@huawei.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>

diff --git a/contrib/ivshmem-server/ivshmem-server.c b/contrib/ivshmem-server/ivshmem-server.c
index 5e5239ce4547f6a79ad0cf1594b3092dc43adc38..d9e26b0574860d9da04a01fa55b465e157eba911 100644 (file)
--- a/contrib/ivshmem-server/ivshmem-server.c
+++ b/contrib/ivshmem-server/ivshmem-server.c
@@ -168,7 +168,9 @@ ivshmem_server_handle_new_conn(IvshmemServer *server)
     }
     if (i == G_MAXUINT16) {
         IVSHMEM_SERVER_DEBUG(server, "cannot allocate new client id\n");
-        goto fail;
+        close(newfd);
+        g_free(peer);
+        return -1;
     }
     peer->id = server->cur_id++;