Re: [Qemu-devel] [PATCH] aio-win32: avoid out-of-bounds access to the events array

On Mon, Sep 15, 2014 at 02:52:58PM +0200, Paolo Bonzini wrote: > If ret is WAIT_TIMEOUT and there was an event returned by select(), > we can write to a location after the end of the array. But in > that case we can retry the WaitForMultipleObjects call with the > same set of events, so just move

Re: [Qemu-devel] [PATCH] aio-win32: avoid out-of-bounds access to the events array

On Mon, Sep 15, 2014 at 8:52 PM, Paolo Bonzini wrote: > If ret is WAIT_TIMEOUT and there was an event returned by select(), > we can write to a location after the end of the array. But in > that case we can retry the WaitForMultipleObjects call with the > same set of events, so just move the even

[Qemu-devel] [PATCH] aio-win32: avoid out-of-bounds access to the events array

If ret is WAIT_TIMEOUT and there was an event returned by select(), we can write to a location after the end of the array. But in that case we can retry the WaitForMultipleObjects call with the same set of events, so just move the event[ret - WAIT_OBJECT_0] assignment inside the existin conditiona