[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] [PATCH] pcihp: fix possible array out of bounds
|
From: |
Gonglei (Arei) |
|
Subject: |
Re: [Qemu-devel] [PATCH] pcihp: fix possible array out of bounds |
|
Date: |
Wed, 20 Aug 2014 02:22:36 +0000 |
> -----Original Message-----
> From: Marcel Apfelbaum [mailto:address@hidden
> Sent: Tuesday, August 19, 2014 11:00 PM
> To: Gonglei (Arei)
> Cc: address@hidden; Huangweidong (C); address@hidden
> Subject: Re: [Qemu-devel] [PATCH] pcihp: fix possible array out of bounds
>
> On Tue, 2014-08-19 at 15:18 +0800, address@hidden wrote:
> > From: Gonglei <address@hidden>
> >
> > When 'bsel == ACPI_PCIHP_MAX_HOTPLUG_BUS', the
> > s->acpi_pcihp_pci_status[bsel] array will out of bounds.
> I would change the commit message to something like
> "Prevent out-of-bounds array access on acpi_pcihp_pci_status.
>
> Other than that, it looks OK to me.
> Thanks,
> Marcel
>
OK, it's better, thanks. V2 will be posted.
Best regards,
-Gonglei
> >
> > Add check for this.
> >
> > Signed-off-by: Gonglei <address@hidden>
> > ---
> > hw/acpi/pcihp.c | 2 +-
> > 1 file changed, 1 insertion(+), 1 deletion(-)
> >
> > diff --git a/hw/acpi/pcihp.c b/hw/acpi/pcihp.c
> > index fae663a..34dedf1 100644
> > --- a/hw/acpi/pcihp.c
> > +++ b/hw/acpi/pcihp.c
> > @@ -231,7 +231,7 @@ static uint64_t pci_read(void *opaque, hwaddr addr,
> unsigned int size)
> > uint32_t val = 0;
> > int bsel = s->hotplug_select;
> >
> > - if (bsel < 0 || bsel > ACPI_PCIHP_MAX_HOTPLUG_BUS) {
> > + if (bsel < 0 || bsel >= ACPI_PCIHP_MAX_HOTPLUG_BUS) {
> > return 0;
> > }
> >
>
>