diff options
| author | Jan Kiszka <jan.kiszka@siemens.com> | 2011-07-22 11:05:01 +0200 |
|---|---|---|
| committer | Michael S. Tsirkin <mst@redhat.com> | 2011-07-27 10:57:22 +0300 |
| commit | 42e4126b793d15ec40f3a84017e1d8afecda1b6d (patch) | |
| tree | cad2ca961f45dbfca771a370cf8fd95c47cd09ba /hw/pci.c | |
| parent | 85dde9a90b9d26273ef531d344b2cdfee9a6683d (diff) | |
| download | focaccia-qemu-42e4126b793d15ec40f3a84017e1d8afecda1b6d.tar.gz focaccia-qemu-42e4126b793d15ec40f3a84017e1d8afecda1b6d.zip | |
pci: Common overflow prevention
Introduce pci_config_read/write_common helpers to prevent passing accesses down the callback chain that go beyond the config space limits. Adjust length assertions as they are no longer correct (cutting may generate valid 3 byte accesses). Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Diffstat (limited to 'hw/pci.c')
| -rw-r--r-- | hw/pci.c | 6 |
1 files changed, 2 insertions, 4 deletions
diff --git a/hw/pci.c b/hw/pci.c index b904a4ecb6..ef94739718 100644 --- a/hw/pci.c +++ b/hw/pci.c @@ -1108,8 +1108,7 @@ uint32_t pci_default_read_config(PCIDevice *d, uint32_t address, int len) { uint32_t val = 0; - assert(len == 1 || len == 2 || len == 4); - len = MIN(len, pci_config_size(d) - address); + memcpy(&val, d->config + address, len); return le32_to_cpu(val); } @@ -1117,9 +1116,8 @@ uint32_t pci_default_read_config(PCIDevice *d, void pci_default_write_config(PCIDevice *d, uint32_t addr, uint32_t val, int l) { int i, was_irq_disabled = pci_irq_disabled(d); - uint32_t config_size = pci_config_size(d); - for (i = 0; i < l && addr + i < config_size; val >>= 8, ++i) { + for (i = 0; i < l; val >>= 8, ++i) { uint8_t wmask = d->wmask[addr + i]; uint8_t w1cmask = d->w1cmask[addr + i]; assert(!(wmask & w1cmask)); |