[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] [PATCH v2 2/2] xen-pt: fix Out-of-bounds read
From: |
Gonglei |
Subject: |
Re: [Qemu-devel] [PATCH v2 2/2] xen-pt: fix Out-of-bounds read |
Date: |
Tue, 10 Feb 2015 16:21:48 +0800 |
User-agent: |
Mozilla/5.0 (Windows NT 6.1; rv:31.0) Gecko/20100101 Thunderbird/31.4.0 |
On 2015/2/10 16:11, Stefano Stabellini wrote:
> On Tue, 10 Feb 2015, address@hidden wrote:
>> From: Gonglei <address@hidden>
>>
>> The array length of s->real_device.io_regions[] is
>> "PCI_NUM_REGIONS - 1".
>>
>> Signed-off-by: Gonglei <address@hidden>
>
> Acked-by: Stefano Stabellini <address@hidden>
>
> I am happy for these patches to go in via the qemu-trivial tree.
>
Thanks. Let me cc /mjt.
Regards,
-Gonglei
>> hw/xen/xen_pt_config_init.c | 2 +-
>> 1 file changed, 1 insertion(+), 1 deletion(-)
>>
>> diff --git a/hw/xen/xen_pt_config_init.c b/hw/xen/xen_pt_config_init.c
>> index 710fe50..d99c22e 100644
>> --- a/hw/xen/xen_pt_config_init.c
>> +++ b/hw/xen/xen_pt_config_init.c
>> @@ -438,7 +438,7 @@ static int xen_pt_bar_reg_read(XenPCIPassthroughState
>> *s, XenPTReg *cfg_entry,
>>
>> /* get BAR index */
>> index = xen_pt_bar_offset_to_index(reg->offset);
>> - if (index < 0 || index >= PCI_NUM_REGIONS) {
>> + if (index < 0 || index >= PCI_NUM_REGIONS - 1) {
>> XEN_PT_ERR(&s->dev, "Internal error: Invalid BAR index [%d].\n",
>> index);
>> return -1;
>> }
>> --
>> 1.7.12.4
>>
>>