From 58cf0f86d4ab6b78d11850557c5335ecfd2d2696 Mon Sep 17 00:00:00 2001
From: Paolo Bonzini <pbonzini@redhat.com>
Date: Tue, 1 Dec 2020 09:42:23 -0500
Subject: msix: assert that accesses are within bounds

This makes the testcase from the next patch fail.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
 hw/pci/msix.c | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'hw/pci')

diff --git a/hw/pci/msix.c b/hw/pci/msix.c
index 67e34f3..36491ee 100644
--- a/hw/pci/msix.c
+++ b/hw/pci/msix.c
@@ -179,6 +179,7 @@ static uint64_t msix_table_mmio_read(void *opaque, hwaddr addr,
 {
     PCIDevice *dev = opaque;
 
+    assert(addr + size <= dev->msix_entries_nr * PCI_MSIX_ENTRY_SIZE);
     return pci_get_long(dev->msix_table + addr);
 }
 
@@ -189,6 +190,8 @@ static void msix_table_mmio_write(void *opaque, hwaddr addr,
     int vector = addr / PCI_MSIX_ENTRY_SIZE;
     bool was_masked;
 
+    assert(addr + size <= dev->msix_entries_nr * PCI_MSIX_ENTRY_SIZE);
+
     was_masked = msix_is_masked(dev, vector);
     pci_set_long(dev->msix_table + addr, val);
     msix_handle_mask_update(dev, vector, was_masked);
-- 
cgit v1.1