mirror of
https://github.com/qemu/qemu.git
synced 2024-11-25 11:53:39 +08:00
virtio-pci: don't crash on illegal length
Some guests seem to access cfg with an illegal length value. It's worth fixing them but debugging is easier if qemu does not crash. Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
This commit is contained in:
parent
8aedc369c6
commit
2a6391232f
@ -546,7 +546,8 @@ static void virtio_write_config(PCIDevice *pci_dev, uint32_t address,
|
||||
off = le32_to_cpu(cfg->cap.offset);
|
||||
len = le32_to_cpu(cfg->cap.length);
|
||||
|
||||
if (len <= sizeof cfg->pci_cfg_data) {
|
||||
if (len == 1 || len == 2 || len == 4) {
|
||||
assert(len <= sizeof cfg->pci_cfg_data);
|
||||
virtio_address_space_write(&proxy->modern_as, off,
|
||||
cfg->pci_cfg_data, len);
|
||||
}
|
||||
@ -570,7 +571,8 @@ static uint32_t virtio_read_config(PCIDevice *pci_dev,
|
||||
off = le32_to_cpu(cfg->cap.offset);
|
||||
len = le32_to_cpu(cfg->cap.length);
|
||||
|
||||
if (len <= sizeof cfg->pci_cfg_data) {
|
||||
if (len == 1 || len == 2 || len == 4) {
|
||||
assert(len <= sizeof cfg->pci_cfg_data);
|
||||
virtio_address_space_read(&proxy->modern_as, off,
|
||||
cfg->pci_cfg_data, len);
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user