diff options
| author | Gonglei | 2015-02-10 08:51:23 +0100 |
|---|---|---|
| committer | Michael Tokarev | 2015-03-10 06:15:33 +0100 |
| commit | 14cec170ea4724e6881ba2febb20e88a942e52d3 (patch) | |
| tree | 04bd2ae2b873316ae57988444813686806a405f1 | |
| parent | xen-pt: fix Negative array index read (diff) | |
| download | qemu-14cec170ea4724e6881ba2febb20e88a942e52d3.tar.gz qemu-14cec170ea4724e6881ba2febb20e88a942e52d3.tar.xz qemu-14cec170ea4724e6881ba2febb20e88a942e52d3.zip | |
xen-pt: fix Out-of-bounds read
The array length of s->real_device.io_regions[] is
"PCI_NUM_REGIONS - 1".
Signed-off-by: Gonglei <arei.gonglei@huawei.com>
Acked-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
| -rw-r--r-- | hw/xen/xen_pt_config_init.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/hw/xen/xen_pt_config_init.c b/hw/xen/xen_pt_config_init.c index 710fe501bc..d99c22ef2f 100644 --- a/hw/xen/xen_pt_config_init.c +++ b/hw/xen/xen_pt_config_init.c @@ -438,7 +438,7 @@ static int xen_pt_bar_reg_read(XenPCIPassthroughState *s, XenPTReg *cfg_entry, /* get BAR index */ index = xen_pt_bar_offset_to_index(reg->offset); - if (index < 0 || index >= PCI_NUM_REGIONS) { + if (index < 0 || index >= PCI_NUM_REGIONS - 1) { XEN_PT_ERR(&s->dev, "Internal error: Invalid BAR index [%d].\n", index); return -1; } |