Re: [Qemu-devel] [PATCH v2 2/2] xen-pt: fix Out-of-bounds read
From: Stefano Stabellini
Subject: Re: [Qemu-devel] [PATCH v2 2/2] xen-pt: fix Out-of-bounds read
Date: Tue, 10 Feb 2015 08:11:52 +0000
User-agent: Alpine 2.02 (DEB 1266 2009-07-14)
On Tue, 10 Feb 2015, address@hidden wrote:
> From: Gonglei <address@hidden>
>
> The array length of s->real_device.io_regions[] is
> "PCI_NUM_REGIONS - 1".
>
> Signed-off-by: Gonglei <address@hidden>
Acked-by: Stefano Stabellini <address@hidden>
I am happy for these patches to go in via the qemu-trivial tree.
> hw/xen/xen_pt_config_init.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/hw/xen/xen_pt_config_init.c b/hw/xen/xen_pt_config_init.c
> index 710fe50..d99c22e 100644
> --- a/hw/xen/xen_pt_config_init.c
> +++ b/hw/xen/xen_pt_config_init.c
> @@ -438,7 +438,7 @@ static int xen_pt_bar_reg_read(XenPCIPassthroughState *s,
> XenPTReg *cfg_entry,
>
> /* get BAR index */
> index = xen_pt_bar_offset_to_index(reg->offset);
> - if (index < 0 || index >= PCI_NUM_REGIONS) {
> + if (index < 0 || index >= PCI_NUM_REGIONS - 1) {
> XEN_PT_ERR(&s->dev, "Internal error: Invalid BAR index [%d].\n",
> index);
> return -1;
> }
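Review bot: the new limit in `index >= PCI_NUM_REGIONS - 1` hard-codes the length that the commit message gives for s->real_device.io_regions[], so the check and the array declaration can drift apart if the declaration ever changes. Consider deriving the bound from the array itself, for example `index >= ARRAY_SIZE(s->real_device.io_regions)`, or add a one-line comment above the check explaining why the limit is one less than PCI_NUM_REGIONS. The commit message would also benefit from naming the access this check guards, since the indexed read of io_regions[] is not visible in this hunk.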
> --
> 1.7.12.4
>
>