diff options
| author | Peter Maydell <peter.maydell@linaro.org> | 2020-03-26 10:53:49 +0000 |
|---|---|---|
| committer | Michael S. Tsirkin <mst@redhat.com> | 2020-03-29 09:52:13 -0400 |
| commit | 32a2d6b1f6b4405f0fc20c031e61d5d48e3d9cd1 (patch) | |
| tree | 8d549f917b828a6d9a76cbfe94707daf59b2219f /hw/block/vhost-user-blk.c | |
| parent | de38ed300764cdee43747a2a4a9a9795696c203d (diff) | |
| download | qemu-32a2d6b1f6b4405f0fc20c031e61d5d48e3d9cd1.zip qemu-32a2d6b1f6b4405f0fc20c031e61d5d48e3d9cd1.tar.gz qemu-32a2d6b1f6b4405f0fc20c031e61d5d48e3d9cd1.tar.bz2 | |
hw/i386/amd_iommu.c: Fix corruption of log events passed to guest
In the function amdvi_log_event(), we write an event log buffer
entry into guest ram, whose contents are passed to the function
via the "uint64_t *evt" argument. Unfortunately, a spurious
'&' in the call to dma_memory_write() meant that instead of
writing the event to the guest we would write the literal value
of the pointer, plus whatever was in the following 8 bytes
on the stack. This error was spotted by Coverity.
Fix the bug by removing the '&'.
Fixes: CID 1421945
Cc: qemu-stable@nongnu.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-Id: <20200326105349.24588-1-peter.maydell@linaro.org>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Diffstat (limited to 'hw/block/vhost-user-blk.c')
0 files changed, 0 insertions, 0 deletions