[Qemu-devel] [PATCH 2/2] fw_cfg: fix crash if FW_CFG_WRITE

qemu-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Qemu-devel] [PATCH 2/2] fw_cfg: fix crash if FW_CFG_WRITE_CHANNEL is us

From:	Blue Swirl
Subject:	[Qemu-devel] [PATCH 2/2] fw_cfg: fix crash if FW_CFG_WRITE_CHANNEL is used incorrectly
Date:	Fri, 26 Aug 2011 18:46:09 +0000

Avoid a crash if the guest combines FW_CFG_WRITE_CHANNEL with
a wrong value.

Signed-off-by: Blue Swirl <address@hidden>
---
 hw/fw_cfg.c |    3 ++-
 1 files changed, 2 insertions(+), 1 deletions(-)

diff --git a/hw/fw_cfg.c b/hw/fw_cfg.c
index 663ad80..8df265c 100644
--- a/hw/fw_cfg.c
+++ b/hw/fw_cfg.c
@@ -214,7 +214,8 @@ static void fw_cfg_write(FWCfgState *s, uint8_t value)

     FW_CFG_DPRINTF("write %d\n", value);

-    if (s->cur_entry & FW_CFG_WRITE_CHANNEL && s->cur_offset < e->len) {
+    if (s->cur_entry & FW_CFG_WRITE_CHANNEL && e->callback &&
+        s->cur_offset < e->len) {
         e->data[s->cur_offset++] = value;
         if (s->cur_offset == e->len) {
             e->callback(e->callback_opaque, e->data);
-- 
1.6.2.4

[Prev in Thread]

Current Thread

[Next in Thread]

[Qemu-devel] [PATCH 2/2] fw_cfg: fix crash if FW_CFG_WRITE_CHANNEL is used incorrectly, Blue Swirl <=

Prev by Date: [Qemu-devel] [PATCH 1/2] Fix guest agent build with simpletrace
Next by Date: Re: [Qemu-devel] Register usage statistics?
Previous by thread: [Qemu-devel] [PATCH 1/2] Fix guest agent build with simpletrace
Next by thread: [Qemu-devel] Question about (next_tb & 3) == 2
Index(es):
- Date
- Thread