[Qemu-devel] [Bug 1581308] [NEW] ohci doesn't check the 'num-ports' property

[Qemu-devel] [Bug 1581308] [NEW] ohci doesn't check the 'num-ports' property

[Li Qiang]

Public bug reported:

command:
qemu-system-x86_64 -m 1024 -enable-kvm /root/centos6.img -enable-kvm -device pci-ohci,num-ports=100,masterbus=1

The ohci doesn't check the 'num-ports' property and would case an out-
of-bands write,crash the qemu process.

    ohci->num_ports = num_ports;
    if (masterbus) {
        USBPort *ports[OHCI_MAX_PORTS];
        for(i = 0; i < num_ports; i++) {
            ports[i] = &ohci->rhport[i].port;
        }

The version of qemu is 2.6.0 release from 
http://wiki.qemu-project.org/download/qemu-2.6.0.tar.bz2

** Affects: qemu
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1581308

Title:
  ohci doesn't check the 'num-ports' property

Status in QEMU:
  New

Bug description:
  command:
  qemu-system-x86_64 -m 1024 -enable-kvm /root/centos6.img -enable-kvm -device pci-ohci,num-ports=100,masterbus=1

  The ohci doesn't check the 'num-ports' property and would case an out-
  of-bands write,crash the qemu process.

      ohci->num_ports = num_ports;
      if (masterbus) {
          USBPort *ports[OHCI_MAX_PORTS];
          for(i = 0; i < num_ports; i++) {
              ports[i] = &ohci->rhport[i].port;
          }

  The version of qemu is 2.6.0 release from 
  http://wiki.qemu-project.org/download/qemu-2.6.0.tar.bz2

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1581308/+subscriptions

[Qemu-devel] [Bug 1581308] Re: ohci doesn't check the 'num-ports' property

[thh]

I was able to reproduce the crash, and proposed now a fix on the qemu-
devel mailing list (see https://patchwork.ozlabs.org/patch/625092/ for
details)

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1581308

Title:
  ohci doesn't check the 'num-ports' property

Status in QEMU:
  New

Bug description:
  command:
  qemu-system-x86_64 -m 1024 -enable-kvm /root/centos6.img -enable-kvm -device pci-ohci,num-ports=100,masterbus=1

  The ohci doesn't check the 'num-ports' property and would case an out-
  of-bands write,crash the qemu process.

      ohci->num_ports = num_ports;
      if (masterbus) {
          USBPort *ports[OHCI_MAX_PORTS];
          for(i = 0; i < num_ports; i++) {
              ports[i] = &ohci->rhport[i].port;
          }

  The version of qemu is 2.6.0 release from 
  http://wiki.qemu-project.org/download/qemu-2.6.0.tar.bz2

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1581308/+subscriptions

[Qemu-devel] [Bug 1581308] Re: ohci doesn't check the 'num-ports' property

[thh]

The fix has been included in the repository:

http://git.qemu.org/?p=qemu.git;a=commitdiff;h=d400fc018b326104d26

Thanks for reporting the issue!

** Changed in: qemu
       Status: New => Fix Released

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1581308

Title:
  ohci doesn't check the 'num-ports' property

Status in QEMU:
  Fix Released

Bug description:
  command:
  qemu-system-x86_64 -m 1024 -enable-kvm /root/centos6.img -enable-kvm -device pci-ohci,num-ports=100,masterbus=1

  The ohci doesn't check the 'num-ports' property and would case an out-
  of-bands write,crash the qemu process.

      ohci->num_ports = num_ports;
      if (masterbus) {
          USBPort *ports[OHCI_MAX_PORTS];
          for(i = 0; i < num_ports; i++) {
              ports[i] = &ohci->rhport[i].port;
          }

  The version of qemu is 2.6.0 release from 
  http://wiki.qemu-project.org/download/qemu-2.6.0.tar.bz2

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1581308/+subscriptions