pci-devfn: check that device/slot number is within range

Need to check that guest slot/device number is not > 31 or walk off the devfn table when checking if a devfn is available or not in a guest. before this fix, passing in an addr=abc or addr=34, can crash qemu, sometimes fail gracefully if data past end of devfn table fails the availability test. with this fix, get clean error: Property 'pci-assign.addr' doesn't take value '34' also tested when no addr= param passed for guest (pcicfg) address, and that worked as well. Signed-off-by: Don Dutile <ddutile@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
author: Donald Dutile 2011-09-21 21:25:11 +0200
committer: Anthony Liguori 2011-09-23 17:55:34 +0200
commit: ffe3ce1173e71ca299d08f6542839cc31ea3e3cf (patch)
tree: ef095af380ee8cdf3ed85e514b12f3c909db50e9 /hw/qdev-properties.c
parent: isapc: give system address space when pci is disabled (diff)
download: qemu-ffe3ce1173e71ca299d08f6542839cc31ea3e3cf.tar.gz
qemu-ffe3ce1173e71ca299d08f6542839cc31ea3e3cf.tar.xz
qemu-ffe3ce1173e71ca299d08f6542839cc31ea3e3cf.zip
1 files changed, 2 insertions, 0 deletions
diff --git a/hw/qdev-properties.c b/hw/qdev-properties.c
index 7ce95b679c..e0e54aa857 100644
--- a/hw/qdev-properties.c
+++ b/hw/qdev-properties.c
@@ -524,6 +524,8 @@ static int parse_pci_devfn(DeviceState *dev, Property *prop, const char *str)
         return -EINVAL;
     if (fn > 7)
         return -EINVAL;
+    if (slot > 31)
+        return -EINVAL;
     *ptr = slot << 3 | fn;
     return 0;
 }
author	Donald Dutile	2011-09-21 21:25:11 +0200
committer	Anthony Liguori	2011-09-23 17:55:34 +0200
commit	ffe3ce1173e71ca299d08f6542839cc31ea3e3cf (patch)
tree	ef095af380ee8cdf3ed85e514b12f3c909db50e9 /hw/qdev-properties.c
parent	isapc: give system address space when pci is disabled (diff)
download	qemu-ffe3ce1173e71ca299d08f6542839cc31ea3e3cf.tar.gz qemu-ffe3ce1173e71ca299d08f6542839cc31ea3e3cf.tar.xz qemu-ffe3ce1173e71ca299d08f6542839cc31ea3e3cf.zip