[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Qemu-stable] [PATCH 50/99] usb: correctly handle Zero Length Packets
|
From: |
Michael Roth |
|
Subject: |
[Qemu-stable] [PATCH 50/99] usb: correctly handle Zero Length Packets |
|
Date: |
Mon, 23 Jul 2018 15:16:59 -0500 |
From: Philippe Mathieu-Daudé <address@hidden>
USB Specification Revision 2.0, §5.5.3:
The Data stage of a control transfer from an endpoint to the host is complete
when the endpoint does one of the following:
• Has transferred exactly the amount of data specified during the Setup stage
• Transfers a packet with a payload size less than wMaxPacketSize or
transfers a zero-length packet"
hw/usb/redirect.c:802:9: warning: Declared variable-length array (VLA) has zero
size
uint8_t buf[size];
^~~~~~~~~~~ ~~~~
Reported-by: Clang Static Analyzer
Signed-off-by: Philippe Mathieu-Daudé <address@hidden>
Message-id: address@hidden
Signed-off-by: Gerd Hoffmann <address@hidden>
(cherry picked from commit bf78fb1c1b61a819a47f7a1dbecf9934b9f32a0d)
Signed-off-by: Michael Roth <address@hidden>
---
hw/usb/redirect.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/hw/usb/redirect.c b/hw/usb/redirect.c
index 65a9196c1a..58e8f7f5bd 100644
--- a/hw/usb/redirect.c
+++ b/hw/usb/redirect.c
@@ -795,7 +795,7 @@ static void usbredir_handle_bulk_data(USBRedirDevice *dev,
USBPacket *p,
usbredirparser_peer_has_cap(dev->parser,
usb_redir_cap_32bits_bulk_length));
- if (ep & USB_DIR_IN) {
+ if (ep & USB_DIR_IN || size == 0) {
usbredirparser_send_bulk_packet(dev->parser, p->id,
&bulk_packet, NULL, 0);
} else {
--
2.17.1
- [Qemu-stable] [PATCH 03/99] ccid: Fix dwProtocols advertisement of T=0, (continued)
- [Qemu-stable] [PATCH 03/99] ccid: Fix dwProtocols advertisement of T=0, Michael Roth, 2018/07/23
- [Qemu-stable] [PATCH 41/99] throttle: Fix crash on reopen, Michael Roth, 2018/07/23
- [Qemu-stable] [PATCH 42/99] i386: define the 'ssbd' CPUID feature bit (CVE-2018-3639), Michael Roth, 2018/07/23
- [Qemu-stable] [PATCH 43/99] i386: Define the Virt SSBD MSR and handling of it (CVE-2018-3639), Michael Roth, 2018/07/23
- [Qemu-stable] [PATCH 44/99] i386: define the AMD 'virt-ssbd' CPUID feature bit (CVE-2018-3639), Michael Roth, 2018/07/23
- [Qemu-stable] [PATCH 46/99] vhost-user: delete net client if necessary, Michael Roth, 2018/07/23
- [Qemu-stable] [PATCH 45/99] tap: set vhostfd passed from qemu cli to non-blocking, Michael Roth, 2018/07/23
- [Qemu-stable] [PATCH 47/99] qemu-img: Fix assert when mapping unaligned raw file, Michael Roth, 2018/07/23
- [Qemu-stable] [PATCH 49/99] arm_gicv3_kvm: kvm_dist_get/put_priority: skip the registers banked by GICR_IPRIORITYR, Michael Roth, 2018/07/23
- [Qemu-stable] [PATCH 48/99] iotests: Add test 221 to catch qemu-img map regression, Michael Roth, 2018/07/23
- [Qemu-stable] [PATCH 50/99] usb: correctly handle Zero Length Packets,
Michael Roth <=
- [Qemu-stable] [PATCH 04/99] nbd/client: Fix error messages during NBD_INFO_BLOCK_SIZE, Michael Roth, 2018/07/23
- [Qemu-stable] [PATCH 51/99] usb/dev-mtp: Fix use of uninitialized values, Michael Roth, 2018/07/23
- [Qemu-stable] [PATCH 52/99] vnc: fix use-after-free, Michael Roth, 2018/07/23
- [Qemu-stable] [PATCH 55/99] nbd/client: fix nbd_negotiate_simple_meta_context, Michael Roth, 2018/07/23
- [Qemu-stable] [PATCH 54/99] cpus: tcg: fix never exiting loop on unplug, Michael Roth, 2018/07/23
- [Qemu-stable] [PATCH 53/99] block/mirror: honor ratelimit again, Michael Roth, 2018/07/23
- [Qemu-stable] [PATCH 56/99] migration/block-dirty-bitmap: fix memory leak in dirty_bitmap_load_bits, Michael Roth, 2018/07/23
- [Qemu-stable] [PATCH 57/99] qapi: fill in CpuInfoFast.arch in query-cpus-fast, Michael Roth, 2018/07/23
- [Qemu-stable] [PATCH 58/99] block/mirror: Make cancel always cancel pre-READY, Michael Roth, 2018/07/23
- [Qemu-stable] [PATCH 60/99] riscv: spike: allow base == 0, Michael Roth, 2018/07/23