author | Donald Dutile <ddutile@redhat.com> | 2011-09-21 15:25:11 -0400 |
---|---|---|
committer | Anthony Liguori <aliguori@us.ibm.com> | 2011-09-23 10:55:34 -0500 |
commit | ffe3ce1173e71ca299d08f6542839cc31ea3e3cf (patch) | |
tree | ef095af380ee8cdf3ed85e514b12f3c909db50e9 | |
parent | c1d23eaccc5020bb546a4391a0b2abf8ee861923 (diff) | |
pci-devfn: check that device/slot number is within range
Need to check that guest slot/device number is not > 31 or walk off
the devfn table when checking if a devfn is available or not in a guest.
Before this fix, passing in an addr=abc or addr=34
can crash qemu, sometimes fail gracefully if data past end
of devfn table fails the availability test.
With this fix, get clean error:
Property 'pci-assign.addr' doesn't take value '34'
Also tested when no addr= param passed for guest (pcicfg) address,
and that worked as well.
Signed-off-by: Don Dutile <ddutile@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
-rw-r--r-- | hw/qdev-properties.c | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/hw/qdev-properties.c b/hw/qdev-properties.c index 7ce95b6..e0e54aa 100644 --- a/hw/qdev-properties.c +++ b/hw/qdev-properties.c @@ -524,6 +524,8 @@ static int parse_pci_devfn(DeviceState *dev, Property *prop, const char *str) return -EINVAL; if (fn > 7) return -EINVAL; + if (slot > 31) + return -EINVAL; *ptr = slot << 3 | fn; return 0; } |
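Review bot: the added `if (slot > 31)` in parse_pci_devfn() bounds only the upper end, and the declaration of `slot` is outside the visible context, so please confirm it is unsigned; if it is signed, a negative value passes this check and still reaches `*ptr = slot << 3 | fn;`. The limits 31 and 7 are also bare literals. A short comment or named constants tying them to the 5-bit slot and 3-bit function fields that `slot << 3 | fn` packs would make it clear why these are the right bounds and keep the two checks consistent with the encoding. Since the commit message reports that addr=abc could crash as well as addr=34, it would help to state which check rejects the non-numeric case, because the parsing of `str` is not shown in this hunk.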