[Qemu-devel] [PATCH] pcihp: fix possible array out of bounds

2014-08-19 Thread arei.gonglei
From: Gonglei <arei.gong...@huawei.com>

When 'bsel == ACPI_PCIHP_MAX_HOTPLUG_BUS', the
s->acpi_pcihp_pci_status[bsel] array will be out of bounds.

Add check for this.

Signed-off-by: Gonglei <arei.gong...@huawei.com>
---
 hw/acpi/pcihp.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/acpi/pcihp.c b/hw/acpi/pcihp.c
index fae663a..34dedf1 100644
--- a/hw/acpi/pcihp.c
+++ b/hw/acpi/pcihp.c
@@ -231,7 +231,7 @@ static uint64_t pci_read(void *opaque, hwaddr addr, 
unsigned int size)
 uint32_t val = 0;
 int bsel = s-hotplug_select;
 
-if (bsel  0 || bsel  ACPI_PCIHP_MAX_HOTPLUG_BUS) {
+if (bsel  0 || bsel = ACPI_PCIHP_MAX_HOTPLUG_BUS) {
 return 0;
 }
 
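Review bot: the tightened bound on the `if` line only guards pci_read(); `bsel` is copied from `s->hotplug_select`, so an out-of-range selector can still sit in the device state, and any other handler that indexes `acpi_pcihp_pci_status[bsel]` needs the same rejection of `bsel == ACPI_PCIHP_MAX_HOTPLUG_BUS`. Consider validating the value once where `hotplug_select` is written, or factoring the range test into a small helper shared by every access, and state in the commit message that valid indices run from 0 to ACPI_PCIHP_MAX_HOTPLUG_BUS - 1 so the off-by-one is evident from the log.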
-- 
1.7.12.4





Re: [Qemu-devel] [PATCH] pcihp: fix possible array out of bounds

2014-08-19 Thread Marcel Apfelbaum
On Tue, 2014-08-19 at 15:18 +0800, arei.gong...@huawei.com wrote:
 From: Gonglei arei.gong...@huawei.com
 
 When 'bsel == ACPI_PCIHP_MAX_HOTPLUG_BUS', the
 s->acpi_pcihp_pci_status[bsel] array will be out of bounds.
I would change the commit message to something like
Prevent out-of-bounds array access on acpi_pcihp_pci_status.

Other than that, it looks OK to me.
Thanks,
Marcel

 
 Add check for this.
 
 Signed-off-by: Gonglei arei.gong...@huawei.com
 ---
  hw/acpi/pcihp.c | 2 +-
  1 file changed, 1 insertion(+), 1 deletion(-)
 
 diff --git a/hw/acpi/pcihp.c b/hw/acpi/pcihp.c
 index fae663a..34dedf1 100644
 --- a/hw/acpi/pcihp.c
 +++ b/hw/acpi/pcihp.c
 @@ -231,7 +231,7 @@ static uint64_t pci_read(void *opaque, hwaddr addr, 
 unsigned int size)
  uint32_t val = 0;
  int bsel = s-hotplug_select;
  
 -if (bsel  0 || bsel  ACPI_PCIHP_MAX_HOTPLUG_BUS) {
 +if (bsel  0 || bsel = ACPI_PCIHP_MAX_HOTPLUG_BUS) {
  return 0;
  }
  






Re: [Qemu-devel] [PATCH] pcihp: fix possible array out of bounds

2014-08-19 Thread Peter Crosthwaite
On Tue, Aug 19, 2014 at 5:18 PM,  arei.gong...@huawei.com wrote:
 From: Gonglei arei.gong...@huawei.com

 When 'bsel == ACPI_PCIHP_MAX_HOTPLUG_BUS', the
 s->acpi_pcihp_pci_status[bsel] array will be out of bounds.

 Add check for this.

 Signed-off-by: Gonglei arei.gong...@huawei.com

Reviewed-by: Peter Crosthwaite <peter.crosthwa...@xilinx.com>

 ---
  hw/acpi/pcihp.c | 2 +-
  1 file changed, 1 insertion(+), 1 deletion(-)

 diff --git a/hw/acpi/pcihp.c b/hw/acpi/pcihp.c
 index fae663a..34dedf1 100644
 --- a/hw/acpi/pcihp.c
 +++ b/hw/acpi/pcihp.c
 @@ -231,7 +231,7 @@ static uint64_t pci_read(void *opaque, hwaddr addr, 
 unsigned int size)
  uint32_t val = 0;
  int bsel = s-hotplug_select;

 -if (bsel  0 || bsel  ACPI_PCIHP_MAX_HOTPLUG_BUS) {
 +if (bsel  0 || bsel = ACPI_PCIHP_MAX_HOTPLUG_BUS) {
  return 0;
  }

 --
 1.7.12.4






Re: [Qemu-devel] [PATCH] pcihp: fix possible array out of bounds

2014-08-19 Thread Gonglei (Arei)
 -Original Message-
 From: Marcel Apfelbaum [mailto:marcel.apfelb...@gmail.com]
 Sent: Tuesday, August 19, 2014 11:00 PM
 To: Gonglei (Arei)
 Cc: qemu-devel@nongnu.org; Huangweidong (C); m...@redhat.com
 Subject: Re: [Qemu-devel] [PATCH] pcihp: fix possible array out of bounds
 
 On Tue, 2014-08-19 at 15:18 +0800, arei.gong...@huawei.com wrote:
  From: Gonglei arei.gong...@huawei.com
 
  When 'bsel == ACPI_PCIHP_MAX_HOTPLUG_BUS', the
  s->acpi_pcihp_pci_status[bsel] array will be out of bounds.
 I would change the commit message to something like
 Prevent out-of-bounds array access on acpi_pcihp_pci_status.
 
 Other than that, it looks OK to me.
 Thanks,
 Marcel
 
OK, it's better, thanks. V2 will be posted.

Best regards,
-Gonglei
 
  Add check for this.
 
  Signed-off-by: Gonglei arei.gong...@huawei.com
  ---
   hw/acpi/pcihp.c | 2 +-
   1 file changed, 1 insertion(+), 1 deletion(-)
 
  diff --git a/hw/acpi/pcihp.c b/hw/acpi/pcihp.c
  index fae663a..34dedf1 100644
  --- a/hw/acpi/pcihp.c
  +++ b/hw/acpi/pcihp.c
  @@ -231,7 +231,7 @@ static uint64_t pci_read(void *opaque, hwaddr addr,
 unsigned int size)
   uint32_t val = 0;
   int bsel = s-hotplug_select;
 
  -if (bsel  0 || bsel  ACPI_PCIHP_MAX_HOTPLUG_BUS) {
  +if (bsel  0 || bsel = ACPI_PCIHP_MAX_HOTPLUG_BUS) {
   return 0;
   }
 
 
 



Re: [Qemu-devel] [PATCH] pcihp: fix possible array out of bounds

2014-08-19 Thread Gonglei (Arei)
 -Original Message-
 From: peter.crosthwa...@petalogix.com
 [mailto:peter.crosthwa...@petalogix.com] On Behalf Of Peter Crosthwaite
 Sent: Tuesday, August 19, 2014 11:12 PM
 To: Gonglei (Arei)
 Cc: qemu-devel@nongnu.org Developers; Huangweidong (C); Michael S. Tsirkin
 Subject: Re: [Qemu-devel] [PATCH] pcihp: fix possible array out of bounds
 
 On Tue, Aug 19, 2014 at 5:18 PM,  arei.gong...@huawei.com wrote:
  From: Gonglei arei.gong...@huawei.com
 
  When 'bsel == ACPI_PCIHP_MAX_HOTPLUG_BUS', the
  s->acpi_pcihp_pci_status[bsel] array will be out of bounds.
 
  Add check for this.
 
  Signed-off-by: Gonglei arei.gong...@huawei.com
 
 Reviewed-by: Peter Crosthwaite peter.crosthwa...@xilinx.com
 
Thanks.

Best regards,
-Gonglei
  ---
   hw/acpi/pcihp.c | 2 +-
   1 file changed, 1 insertion(+), 1 deletion(-)
 
  diff --git a/hw/acpi/pcihp.c b/hw/acpi/pcihp.c
  index fae663a..34dedf1 100644
  --- a/hw/acpi/pcihp.c
  +++ b/hw/acpi/pcihp.c
  @@ -231,7 +231,7 @@ static uint64_t pci_read(void *opaque, hwaddr addr,
 unsigned int size)
   uint32_t val = 0;
   int bsel = s-hotplug_select;
 
  -if (bsel  0 || bsel  ACPI_PCIHP_MAX_HOTPLUG_BUS) {
  +if (bsel  0 || bsel = ACPI_PCIHP_MAX_HOTPLUG_BUS) {
   return 0;
   }
 
  --
  1.7.12.4