[Qemu-devel] [PULL 4/7] dev-mtp: fix buffer allocation for writing file

qemu-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Qemu-devel] [PULL 4/7] dev-mtp: fix buffer allocation for writing file

From:	Gerd Hoffmann
Subject:	[Qemu-devel] [PULL 4/7] dev-mtp: fix buffer allocation for writing file contents
Date:	Tue, 21 Aug 2018 11:11:45 +0200

From: Bandan Das <address@hidden>

usb_mtp_realloc() was being incorrectly used when allocating
buffer for incoming data. Set d->length only after resizing
the buffer.

Signed-off-by: Bandan Das <address@hidden>
Message-id: address@hidden
Signed-off-by: Gerd Hoffmann <address@hidden>
---
 hw/usb/dev-mtp.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/hw/usb/dev-mtp.c b/hw/usb/dev-mtp.c
index c40b0de0bb..1b72603dc5 100644
--- a/hw/usb/dev-mtp.c
+++ b/hw/usb/dev-mtp.c
@@ -1721,6 +1721,7 @@ static void usb_mtp_get_data(MTPState *s, mtp_container 
*container,
     MTPData *d = s->data_out;
     uint64_t dlen;
     uint32_t data_len = p->iov.size;
+    uint64_t total_len;
 
     if (!d) {
             usb_mtp_queue_result(s, RES_INVALID_OBJECTINFO, 0,
@@ -1729,10 +1730,11 @@ static void usb_mtp_get_data(MTPState *s, mtp_container 
*container,
     }
     if (d->first) {
         /* Total length of incoming data */
-        d->length = cpu_to_le32(container->length) - sizeof(mtp_container);
+        total_len = cpu_to_le32(container->length) - sizeof(mtp_container);
         /* Length of data in this packet */
         data_len -= sizeof(mtp_container);
-        usb_mtp_realloc(d, d->length);
+        usb_mtp_realloc(d, total_len);
+        d->length += total_len;
         d->offset = 0;
         d->first = false;
     }
-- 
2.9.3

[Prev in Thread]

Current Thread

[Next in Thread]

[Qemu-devel] [PULL 0/7] Usb 20180821 patches, Gerd Hoffmann, 2018/08/21
- [Qemu-devel] [PULL 1/7] docs/usb2.txt: ehci has six ports, Gerd Hoffmann, 2018/08/21
- [Qemu-devel] [PULL 2/7] ohci: Clear the interrupt counter for erroneous transfers, Gerd Hoffmann, 2018/08/21
- [Qemu-devel] [PULL 3/7] dev-mtp: add support for canceling transaction, Gerd Hoffmann, 2018/08/21
- [Qemu-devel] [PULL 7/7] dev-mtp: rename x-root to rootdir, Gerd Hoffmann, 2018/08/21
- [Qemu-devel] [PULL 4/7] dev-mtp: fix buffer allocation for writing file contents, Gerd Hoffmann <=
- [Qemu-devel] [PULL 6/7] dev-mtp: Add support for > 4GB file transfers, Gerd Hoffmann, 2018/08/21
- [Qemu-devel] [PULL 5/7] dev-mtp: retry write for incomplete transfers, Gerd Hoffmann, 2018/08/21
- Re: [Qemu-devel] [PULL 0/7] Usb 20180821 patches, Peter Maydell, 2018/08/23

Prev by Date: [Qemu-devel] [PULL 7/7] dev-mtp: rename x-root to rootdir
Next by Date: [Qemu-devel] [PULL 0/7] Usb 20180821 patches
Previous by thread: [Qemu-devel] [PULL 7/7] dev-mtp: rename x-root to rootdir
Next by thread: [Qemu-devel] [PULL 6/7] dev-mtp: Add support for > 4GB file transfers
Index(es):
- Date
- Thread