results/scraper/launchpad/1581308


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25

ohci doesn't check the 'num-ports' property

command:
qemu-system-x86_64 -m 1024 -enable-kvm /root/centos6.img -enable-kvm -device pci-ohci,num-ports=100,masterbus=1

The ohci doesn't check the 'num-ports' property and would case an out-of-bands write,crash the qemu process.

    ohci->num_ports = num_ports;
    if (masterbus) {
        USBPort *ports[OHCI_MAX_PORTS];
        for(i = 0; i < num_ports; i++) {
            ports[i] = &ohci->rhport[i].port;
        }

The version of qemu is 2.6.0 release from 
http://wiki.qemu-project.org/download/qemu-2.6.0.tar.bz2

I was able to reproduce the crash, and proposed now a fix on the qemu-devel mailing list (see https://patchwork.ozlabs.org/patch/625092/ for details)

The fix has been included in the repository:

http://git.qemu.org/?p=qemu.git;a=commitdiff;h=d400fc018b326104d26

Thanks for reporting the issue!