[Qemu-devel] [PATCH] virtio: abort on zero config length


From: Jason Wang
Subject: [Qemu-devel] [PATCH] virtio: abort on zero config length
Date: Thu, 25 Apr 2013 15:43:27 +0800

In fact we don't support zero length config length for a virtio device. And it can
lead to outbound memory access. So abort on zero config length to catch the bug
earlier.

Signed-off-by: Jason Wang <address@hidden>
---
 hw/virtio/virtio.c |    7 ++-----
 1 files changed, 2 insertions(+), 5 deletions(-)

diff --git a/hw/virtio/virtio.c b/hw/virtio/virtio.c
index 1c2282c..a6fa667 100644
--- a/hw/virtio/virtio.c
+++ b/hw/virtio/virtio.c
@@ -923,6 +923,7 @@ void virtio_init(VirtIODevice *vdev, const char *name,
                  uint16_t device_id, size_t config_size)
 {
     int i;
+    assert(config_size);
     vdev->device_id = device_id;
     vdev->status = 0;
     vdev->isr = 0;
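
Review bot: The new `assert(config_size);` at the top of virtio_init() has no comment saying why a zero config size is rejected, and it tests a size_t for truthiness instead of comparing it. Consider `assert(config_size > 0);` with a one-line comment that zero-length config is unsupported, and a blank line after `int i;` so the check does not read as part of the declarations. Keep in mind that assert() expands to nothing when NDEBUG is defined, so in such a build this line provides no check at all.
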
@@ -938,11 +939,7 @@ void virtio_init(VirtIODevice *vdev, const char *name,
 
     vdev->name = name;
     vdev->config_len = config_size;
-    if (vdev->config_len) {
-        vdev->config = g_malloc0(config_size);
-    } else {
-        vdev->config = NULL;
-    }
+    vdev->config = g_malloc0(config_size);
     vdev->vmstate = qemu_add_vm_change_state_handler(virtio_vmstate_change,
                                                      vdev);
 }
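
Review bot: With the `if (vdev->config_len)` branch removed, `vdev->config = g_malloc0(config_size);` relies entirely on the assert added at the top of the function. g_malloc0() returns NULL for a zero size, so in a build where the assert is compiled out a zero config_size still leaves config == NULL with config_len == 0, which is the same state as before the patch, and the memory access problem described in the commit message is not caught. If the abort is meant to hold in every build, use a check that does not depend on NDEBUG; otherwise add a short comment here noting that config_size is asserted non-zero above.
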
-- 
1.7.1



