[Qemu-devel] [PATCH 02/51] xen-pt: fix Out-of-bounds read
From: Michael Tokarev
Subject: [Qemu-devel] [PATCH 02/51] xen-pt: fix Out-of-bounds read
Date: Fri, 6 Mar 2015 23:18:43 +0300
From: Gonglei <address@hidden>
The array length of s->real_device.io_regions[] is
"PCI_NUM_REGIONS - 1".
Signed-off-by: Gonglei <address@hidden>
Acked-by: Stefano Stabellini <address@hidden>
Signed-off-by: Michael Tokarev <address@hidden>
---
hw/xen/xen_pt_config_init.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/hw/xen/xen_pt_config_init.c b/hw/xen/xen_pt_config_init.c
index 710fe50..d99c22e 100644
--- a/hw/xen/xen_pt_config_init.c
+++ b/hw/xen/xen_pt_config_init.c
@@ -438,7 +438,7 @@ static int xen_pt_bar_reg_read(XenPCIPassthroughState *s,
XenPTReg *cfg_entry,
/* get BAR index */
index = xen_pt_bar_offset_to_index(reg->offset);
- if (index < 0 || index >= PCI_NUM_REGIONS) {
+ if (index < 0 || index >= PCI_NUM_REGIONS - 1) {
XEN_PT_ERR(&s->dev, "Internal error: Invalid BAR index [%d].\n",
index);
return -1;
}
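Review bot: The new bound `index >= PCI_NUM_REGIONS - 1` in xen_pt_bar_reg_read() writes the array length out by hand, so the check and the declaration of s->real_device.io_regions[] can drift apart if either one changes. Deriving the limit from the array itself, for example `index >= ARRAY_SIZE(s->real_device.io_regions)`, would keep the two in step; failing that, a one-line comment saying why the limit is one below PCI_NUM_REGIONS would help the next reader. The commit message gives only the array length; it would be worth stating that the old check accepted index == PCI_NUM_REGIONS - 1, which is one element past the end of that array.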
--
2.1.4