> diff --git a/hw/usb/core.c b/hw/usb/core.c
> index 975f762..a29b378 100644
> --- a/hw/usb/core.c
> +++ b/hw/usb/core.c
> @@ -735,10 +735,11 @@ void usb_ep_dump(USBDevice *dev)
>
>
Hi Paul,
On Mon, Jul 5, 2021 at 6:27 AM Paul Zimmerman wrote:
>
> On Sat, Jun 26, 2021 at 10:21 PM Qiang Liu wrote:
Hi folks,
I found this bug with my dwc2 fuzzer.
It seems that
* https://bugs.launchpad.net/qemu/+bug/1907042
* https://bugs.launchpad.net/qemu/+bug/1525123
or
* https://gitlab.com/qemu-project/qemu/-/issues/119
* https://gitlab.com/qemu-project/qemu/-/issues/303
have reported similar issues.
Would
When eptype is USB_ENDPOINT_XFER_CONTROL and pid is
TSIZ_SC_MC_PID_SETUP, usb_ep_get() should return the control endpoint.
In hw/usb/core.c, the assumed epnum of the control endpoint is 0. When
epnum is not 0, usb_ep_get() will crash due to the check assert(pid ==
USB_TOKEN_IN || pid == USB_TOKEN_O