How did you trigger the bug? I suppose parse_pci_devfn() in qdev-properties should check the error. Although I'm not objecting to this patch itself, it's the caller's bug. Just assert(devfn < PCIBUS_MAX_DEVICES)?
On Mon, Aug 23, 2010 at 01:56:31PM +0800, Ken CC wrote: > > Check before trying subindexing. > > Signed-off-by: Ken CC <ken.c...@gmail.com> > --- > hw/pci.c | 4 ++++ > 1 files changed, 4 insertions(+), 0 deletions(-) > > diff --git a/hw/pci.c b/hw/pci.c > index a09fbac..f6f00c6 100644 > --- a/hw/pci.c > +++ b/hw/pci.c > @@ -675,6 +675,10 @@ static PCIDevice *do_pci_register_device(PCIDevice > *pci_dev, PCIBus *bus, > error_report("PCI: no slot/function available for %s, all in use", > name); > return NULL; > found: ; > + } else if (devfn > PCIBUS_MAX_DEVICES - 1) { > + error_report("PCI: devfn is out of bus capacity." > + " Only %d devices supported.", PCIBUS_MAX_DEVICES); > + return NULL; > } else if (bus->devices[devfn]) { > error_report("PCI: slot %d function %d not available for %s, in use > by %s", > PCI_SLOT(devfn), PCI_FUNC(devfn), name, > bus->devices[devfn]->name); > > > -- yamahata
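Review bot: the new branch `} else if (devfn > PCIBUS_MAX_DEVICES - 1) {` is placed correctly, after the `devfn < 0` auto-allocation path and before `bus->devices[devfn]` is indexed, so it closes the out-of-bounds access, but `devfn >= PCIBUS_MAX_DEVICES` expresses the bound more plainly and matches the assert form suggested in the reply. The error text "devfn is out of bus capacity. Only %d devices supported." would be more useful for diagnosing a bad caller if it also reported the rejected value, e.g. `"PCI: devfn %d out of range (max %d)"` with `devfn, PCIBUS_MAX_DEVICES - 1`, since devfn is a combined slot/function index rather than a device count. The commit message should also say how the out-of-range devfn reaches do_pci_register_device(), as the reply asks, so reviewers can judge whether the check belongs here or in the caller that parses it.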