[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Qemu-devel] [PULL 4/5] usb-mtp: fix sending files larger than 4gb
From: |
Gerd Hoffmann |
Subject: |
[Qemu-devel] [PULL 4/5] usb-mtp: fix sending files larger than 4gb |
Date: |
Wed, 14 Sep 2016 11:33:34 +0200 |
From: Isaac Lozano <address@hidden>
MTP requires that if a file is larger than 4gb or if sending data larger
than 4gb, that the length field be set to 0xFFFFFFFF.
Also widened a couple variables to prevent overflow errors.
Signed-off-by: Isaac Lozano <address@hidden>
Message-id: address@hidden
Signed-off-by: Gerd Hoffmann <address@hidden>
---
hw/usb/dev-mtp.c | 20 +++++++++++++++-----
1 file changed, 15 insertions(+), 5 deletions(-)
diff --git a/hw/usb/dev-mtp.c b/hw/usb/dev-mtp.c
index 1be85ae..869d244 100644
--- a/hw/usb/dev-mtp.c
+++ b/hw/usb/dev-mtp.c
@@ -115,8 +115,8 @@ struct MTPControl {
struct MTPData {
uint16_t code;
uint32_t trans;
- uint32_t offset;
- uint32_t length;
+ uint64_t offset;
+ uint64_t length;
uint32_t alloc;
uint8_t *data;
bool first;
@@ -883,7 +883,12 @@ static MTPData *usb_mtp_get_object_info(MTPState *s,
MTPControl *c,
usb_mtp_add_u32(d, QEMU_STORAGE_ID);
usb_mtp_add_u16(d, o->format);
usb_mtp_add_u16(d, 0);
- usb_mtp_add_u32(d, o->stat.st_size);
+
+ if (o->stat.st_size > 0xFFFFFFFF) {
+ usb_mtp_add_u32(d, 0xFFFFFFFF);
+ } else {
+ usb_mtp_add_u32(d, o->stat.st_size);
+ }
usb_mtp_add_u16(d, 0);
usb_mtp_add_u32(d, 0);
@@ -1193,10 +1198,15 @@ static void usb_mtp_handle_data(USBDevice *dev,
USBPacket *p)
}
if (s->data_in != NULL) {
MTPData *d = s->data_in;
- int dlen = d->length - d->offset;
+ uint64_t dlen = d->length - d->offset;
if (d->first) {
trace_usb_mtp_data_in(s->dev.addr, d->trans, d->length);
- container.length = cpu_to_le32(d->length + sizeof(container));
+ if (d->length + sizeof(container) > 0xFFFFFFFF) {
+ container.length = cpu_to_le32(0xFFFFFFFF);
+ } else {
+ container.length =
+ cpu_to_le32(d->length + sizeof(container));
+ }
container.type = cpu_to_le16(TYPE_DATA);
container.code = cpu_to_le16(d->code);
container.trans = cpu_to_le32(d->trans);
--
1.8.3.1
- [Qemu-devel] [PULL 0/5] usb: large file support for mtp, bugfixes., Gerd Hoffmann, 2016/09/14
- [Qemu-devel] [PULL 3/5] usb:xhci:fix memory leak in usb_xhci_exit, Gerd Hoffmann, 2016/09/14
- [Qemu-devel] [PULL 1/5] xhci: Fix remainder field for TR_SETUP completion event., Gerd Hoffmann, 2016/09/14
- [Qemu-devel] [PULL 2/5] usb-host: fix streams detection in usb_host_speed_compat, Gerd Hoffmann, 2016/09/14
- [Qemu-devel] [PULL 4/5] usb-mtp: fix sending files larger than 4gb,
Gerd Hoffmann <=
- [Qemu-devel] [PULL 5/5] usb-mtp: added object properties, Gerd Hoffmann, 2016/09/14
- Re: [Qemu-devel] [PULL 0/5] usb: large file support for mtp, bugfixes., Peter Maydell, 2016/09/15