[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [PATCH] hw/usb/hcd-dwc2: fix divide-by-zero in dwc2_handle_packet()
|
From: |
Gerd Hoffmann |
|
Subject: |
Re: [PATCH] hw/usb/hcd-dwc2: fix divide-by-zero in dwc2_handle_packet() |
|
Date: |
Tue, 13 Oct 2020 09:04:23 +0200 |
> > + if (mps == 0) {
> > + qemu_log_mask(LOG_GUEST_ERROR,
> > + "%s: Bad HCCHAR_MPS set to zero\n", __func__);
> > + return;
> > + }
> I think it would be better to move this check earlier in the function,
> just after 'mps' is read from the register. Otherwise it can get
> assigned to 'tlen' and 'p->mps', and who knows what mischief an
> invalid value there might cause.
Makes sense. While being at it maybe handle len > DWC2_MAX_XFER_SIZE
the same way, the assert looks like it can be triggered by the guest.
Also: What would be the effect of simply returning here? Would dwc2
emulation simply stop processing queues? Should we maybe raise an
error IRQ? What will real dwc2 hardware do in this case?
take care,
Gerd
- [PATCH] hw/usb/hcd-dwc2: fix divide-by-zero in dwc2_handle_packet(), Mauro Matteo Cascella, 2020/10/12
- Re: [PATCH] hw/usb/hcd-dwc2: fix divide-by-zero in dwc2_handle_packet(), Paul Zimmerman, 2020/10/12
- Re: [PATCH] hw/usb/hcd-dwc2: fix divide-by-zero in dwc2_handle_packet(),
Gerd Hoffmann <=
- Re: [PATCH] hw/usb/hcd-dwc2: fix divide-by-zero in dwc2_handle_packet(), Paul Zimmerman, 2020/10/13
- Re: [PATCH] hw/usb/hcd-dwc2: fix divide-by-zero in dwc2_handle_packet(), Gerd Hoffmann, 2020/10/13
- Re: [PATCH] hw/usb/hcd-dwc2: fix divide-by-zero in dwc2_handle_packet(), Mauro Matteo Cascella, 2020/10/14
- Re: [PATCH] hw/usb/hcd-dwc2: fix divide-by-zero in dwc2_handle_packet(), Paul Zimmerman, 2020/10/15
- Re: [PATCH] hw/usb/hcd-dwc2: fix divide-by-zero in dwc2_handle_packet(), Gerd Hoffmann, 2020/10/15
- Re: [PATCH] hw/usb/hcd-dwc2: fix divide-by-zero in dwc2_handle_packet(), Gerd Hoffmann, 2020/10/14