Need to check that guest slot/device number is not > 31 or walk off the devfn table when checking if a devfn is available or not in a guest.
Before this fix, passing in an addr=abc or addr=34 can crash qemu, or sometimes fail gracefully if data past end of devfn table fails the availability test.

With this fix, get clean error:
Property 'pci-assign.addr' doesn't take value '34'

Also tested when no addr= param passed for guest (pcicfg) address, and that worked as well.

Signed-off-by: Don Dutile <ddut...@redhat.com>
--- hw/qdev-properties.c | 2 ++ 1 files changed, 2 insertions(+), 0 deletions(-) diff --git a/hw/qdev-properties.c b/hw/qdev-properties.c index 7ce95b6..e0e54aa 100644 --- a/hw/qdev-properties.c +++ b/hw/qdev-properties.c @@ -524,6 +524,8 @@ static int parse_pci_devfn(DeviceState *dev, Property *prop, const char *str) return -EINVAL; if (fn > 7) return -EINVAL; + if (slot > 31) + return -EINVAL; *ptr = slot << 3 | fn; return 0; } -- 1.7.1
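Review bot: The new `if (slot > 31)` test ahead of `*ptr = slot << 3 | fn;` only rejects values above the limit, so it depends on `slot` being unsigned; the declaration is outside the visible context, so please confirm that, or add a lower-bound test if it is a signed type (the same applies to the existing `fn > 7`). The literals 31 and 7 would read better with a short comment or named constants tying them to the slot and function fields that the shift by 3 packs into the devfn value, since that packing is the reason the limits exist. The commit message lists addr=abc as a crashing input but does not say how a non-numeric string ends up at this range check; one sentence on that would make the coverage claim easier to verify.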