Need to check that guest slot/device number is not > 31 or walk off
the devfn table when checking if a devfn is available or not in a guest.
before this fix, passing in an addr=abc or addr=34,
can crash qemu, sometimes fail gracefully if data past end
of devfn table fails the availability test.
with this fix, get clean error:
Property 'pci-assign.addr' doesn't take value '34'
also tested when no addr= param passed for guest (pcicfg) address,
and that worked as well.
Signed-off-by: Don Dutile <ddut...@redhat.com>
---
hw/qdev-properties.c | 2 ++
1 files changed, 2 insertions(+), 0 deletions(-)
diff --git a/hw/qdev-properties.c b/hw/qdev-properties.c
index 7ce95b6..e0e54aa 100644
--- a/hw/qdev-properties.c
+++ b/hw/qdev-properties.c
@@ -524,6 +524,8 @@ static int parse_pci_devfn(DeviceState *dev, Property
*prop, const char *str)
return -EINVAL;
if (fn > 7)
return -EINVAL;
+ if (slot > 31)
+ return -EINVAL;
*ptr = slot << 3 | fn;
return 0;
}
--
1.7.1
