diff options
| author | Peter Maydell <peter.maydell@linaro.org> | 2018-06-12 15:34:34 +0100 |
|---|---|---|
| committer | Peter Maydell <peter.maydell@linaro.org> | 2018-06-12 15:34:34 +0100 |
| commit | 2ab09bf2f9f55b9fb8d2de6eb2ba2a8570e268e2 (patch) | |
| tree | 882ab7bb5da085f75b6a5e1094f6df266183c562 /hw/usb | |
| parent | 3b68de85b9b964e1bfb8474af1208717ba29b9ff (diff) | |
| parent | 3c969a6022438cf59de10d2dc3c58f4807788f98 (diff) | |
| download | focaccia-qemu-2ab09bf2f9f55b9fb8d2de6eb2ba2a8570e268e2.tar.gz focaccia-qemu-2ab09bf2f9f55b9fb8d2de6eb2ba2a8570e268e2.zip | |
Merge remote-tracking branch 'remotes/kraxel/tags/usb-20180612-pull-request' into staging
usb: bug fix collection, doc update. # gpg: Signature made Tue 12 Jun 2018 11:44:17 BST # gpg: using RSA key 4CB6D8EED3E87138 # gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>" # gpg: aka "Gerd Hoffmann <gerd@kraxel.org>" # gpg: aka "Gerd Hoffmann (private) <kraxel@gmail.com>" # Primary key fingerprint: A032 8CFF B93A 17A7 9901 FE7D 4CB6 D8EE D3E8 7138 * remotes/kraxel/tags/usb-20180612-pull-request: usb-mtp: Return error on suspicious TYPE_DATA packet from initiator usb-hcd-xhci-test: add a test for ccid hotplug usb-ccid: fix bus leak object: fix OBJ_PROP_LINK_UNREF_ON_RELEASE ambivalence bus: do not unref the added child bus on realize usb/dev-mtp: Fix use of uninitialized values usb: correctly handle Zero Length Packets usb: update docs Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Diffstat (limited to 'hw/usb')
| -rw-r--r-- | hw/usb/dev-mtp.c | 11 | ||||
| -rw-r--r-- | hw/usb/dev-smartcard-reader.c | 1 | ||||
| -rw-r--r-- | hw/usb/redirect.c | 2 |
3 files changed, 12 insertions, 2 deletions
diff --git a/hw/usb/dev-mtp.c b/hw/usb/dev-mtp.c index 560c61c7c1..1ded7ac9a3 100644 --- a/hw/usb/dev-mtp.c +++ b/hw/usb/dev-mtp.c @@ -1017,12 +1017,16 @@ static MTPData *usb_mtp_get_object(MTPState *s, MTPControl *c, static MTPData *usb_mtp_get_partial_object(MTPState *s, MTPControl *c, MTPObject *o) { - MTPData *d = usb_mtp_data_alloc(c); + MTPData *d; off_t offset; + if (c->argc <= 2) { + return NULL; + } trace_usb_mtp_op_get_partial_object(s->dev.addr, o->handle, o->path, c->argv[1], c->argv[2]); + d = usb_mtp_data_alloc(c); d->fd = open(o->path, O_RDONLY); if (d->fd == -1) { usb_mtp_data_free(d); @@ -1696,6 +1700,11 @@ static void usb_mtp_get_data(MTPState *s, mtp_container *container, uint64_t dlen; uint32_t data_len = p->iov.size; + if (!d) { + usb_mtp_queue_result(s, RES_INVALID_OBJECTINFO, 0, + 0, 0, 0, 0); + return; + } if (d->first) { /* Total length of incoming data */ d->length = cpu_to_le32(container->length) - sizeof(mtp_container); diff --git a/hw/usb/dev-smartcard-reader.c b/hw/usb/dev-smartcard-reader.c index 2131e33d27..f7c91230d5 100644 --- a/hw/usb/dev-smartcard-reader.c +++ b/hw/usb/dev-smartcard-reader.c @@ -1147,6 +1147,7 @@ static void ccid_unrealize(USBDevice *dev, Error **errp) USBCCIDState *s = USB_CCID_DEV(dev); ccid_bulk_in_clear(s); + object_unref(OBJECT(&s->bus)); } static void ccid_flush_pending_answers(USBCCIDState *s) diff --git a/hw/usb/redirect.c b/hw/usb/redirect.c index 65a9196c1a..58e8f7f5bd 100644 --- a/hw/usb/redirect.c +++ b/hw/usb/redirect.c @@ -795,7 +795,7 @@ static void usbredir_handle_bulk_data(USBRedirDevice *dev, USBPacket *p, usbredirparser_peer_has_cap(dev->parser, usb_redir_cap_32bits_bulk_length)); - if (ep & USB_DIR_IN) { + if (ep & USB_DIR_IN || size == 0) { usbredirparser_send_bulk_packet(dev->parser, p->id, &bulk_packet, NULL, 0); } else { |