From: Donald Dutile <ddutile@redhat.com>
Date: Wed, 21 Sep 2011 19:25:11 +0000 (-0400)
Subject: pci-devfn: check that device/slot number is within range
X-Git-Tag: TizenStudio_2.0_p2.3.2~208^2~5261
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=ffe3ce1173e71ca299d08f6542839cc31ea3e3cf;p=sdk%2Femulator%2Fqemu.git

pci-devfn: check that device/slot number is within range

Need to check that guest slot/device number is not > 31 or walk off
the devfn table when checking if a devfn is available or not in a guest.

before this fix, passing in an addr=abc  or addr=34,
can crash qemu, sometimes fail gracefully if data past end
of devfn table fails the availability test.

with this fix, get clean error:
Property 'pci-assign.addr' doesn't take value '34'

also tested when no addr= param passed for guest (pcicfg) address,
and that worked as well.

Signed-off-by: Don Dutile <ddutile@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
---

diff --git a/hw/qdev-properties.c b/hw/qdev-properties.c
index 7ce95b6..e0e54aa 100644
--- a/hw/qdev-properties.c
+++ b/hw/qdev-properties.c
@@ -524,6 +524,8 @@ static int parse_pci_devfn(DeviceState *dev, Property *prop, const char *str)
         return -EINVAL;
     if (fn > 7)
         return -EINVAL;
+    if (slot > 31)
+        return -EINVAL;
     *ptr = slot << 3 | fn;
     return 0;
 }