[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] [PATCH] pcihp: fix possible array out of bounds
|
From: |
Marcel Apfelbaum |
|
Subject: |
Re: [Qemu-devel] [PATCH] pcihp: fix possible array out of bounds |
|
Date: |
Tue, 19 Aug 2014 17:59:46 +0300 |
On Tue, 2014-08-19 at 15:18 +0800, address@hidden wrote:
> From: Gonglei <address@hidden>
>
> When 'bsel == ACPI_PCIHP_MAX_HOTPLUG_BUS', the
> s->acpi_pcihp_pci_status[bsel] array will out of bounds.
I would change the commit message to something like
"Prevent out-of-bounds array access on acpi_pcihp_pci_status.
Other than that, it looks OK to me.
Thanks,
Marcel
>
> Add check for this.
>
> Signed-off-by: Gonglei <address@hidden>
> ---
> hw/acpi/pcihp.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/hw/acpi/pcihp.c b/hw/acpi/pcihp.c
> index fae663a..34dedf1 100644
> --- a/hw/acpi/pcihp.c
> +++ b/hw/acpi/pcihp.c
> @@ -231,7 +231,7 @@ static uint64_t pci_read(void *opaque, hwaddr addr,
> unsigned int size)
> uint32_t val = 0;
> int bsel = s->hotplug_select;
>
> - if (bsel < 0 || bsel > ACPI_PCIHP_MAX_HOTPLUG_BUS) {
> + if (bsel < 0 || bsel >= ACPI_PCIHP_MAX_HOTPLUG_BUS) {
> return 0;
> }
>