authorAlexey Kardashevskiy <aik@ozlabs.ru>2011-04-07 13:02:03 +1000
committerStefan Hajnoczi <stefanha@linux.vnet.ibm.com>2011-04-07 14:25:53 +0100
commit4e37bfc1f0fcd17e48bfae233e0b45066830e126 (patch)
tree3b6c94154cce64cb2c7a88748675befc80296ed4
parentfa227023f044552ec48ca851411dba2f268a912c (diff)
virtio-9p: fixed LE-to-host conversion bug when QEMU is called from guest
The 9p code already contains an attempt at the necessary endian conversions, but it's broken. The code which does conversion from host to guest does it correctly and this code was copied to the function which does guest to host conversion. However the copied code hasn't been correctly updated, so it first endian converts some garbage on the stack and then overwrites it with a field from incoming packet without conversion. The patch fixes the mistakes. Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru> Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
-rw-r--r--hw/virtio-9p.c9
1 files changed, 3 insertions, 6 deletions
diff --git a/hw/virtio-9p.c b/hw/virtio-9p.c
index 7c59988..7e29535 100644
--- a/hw/virtio-9p.c
+++ b/hw/virtio-9p.c
@@ -696,25 +696,22 @@ static size_t pdu_unmarshal(V9fsPDU *pdu, size_t offset, const char *fmt, ...)
case 'w': {
uint16_t val, *valp;
valp = va_arg(ap, uint16_t *);
- val = le16_to_cpupu(valp);
offset += pdu_unpack(&val, pdu, offset, sizeof(val));
- *valp = val;
+ *valp = le16_to_cpu(val);
break;
}
case 'd': {
uint32_t val, *valp;
valp = va_arg(ap, uint32_t *);
- val = le32_to_cpupu(valp);
offset += pdu_unpack(&val, pdu, offset, sizeof(val));
- *valp = val;
+ *valp = le32_to_cpu(val);
break;
}
case 'q': {
uint64_t val, *valp;
valp = va_arg(ap, uint64_t *);
- val = le64_to_cpup(valp);
offset += pdu_unpack(&val, pdu, offset, sizeof(val));
- *valp = val;
+ *valp = le64_to_cpu(val);
break;
}
case 'v': {
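Review bot: In the 'w', 'd' and 'q' cases `val` is still declared uninitialized, and the return value of pdu_unpack() is added to `offset` without being compared to `sizeof(val)`. pdu_unpack() is not visible in this hunk, but if it can copy fewer bytes than requested when the guest-supplied PDU is short, leftover stack bytes would be byte-swapped and stored through `valp`. That is the same class of problem this commit sets out to fix. Initializing the temporaries, e.g. `uint16_t val = 0, *valp;` (likewise for the 32- and 64-bit cases), or checking the copied length before the store, would keep the guest-to-host path deterministic on truncated input. pdu_unmarshal's body starts and ends outside the hunk.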