ShuriZma
/
xemu
mirror of https://github.com/xemu-project/xemu.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

usb-host: don't dereference invalid iovecs 

usb-host assumes the first iovec element is always valid.
In case of a zero-length packet this isn't true though.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
This commit is contained in:
Gerd Hoffmann 2012-04-19 13:35:07 +02:00
parent 6d7aeeeb89
commit 818d59dc17
1 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
hw/usb/host-linux.c
View File

@ -884,16 +884,16 @@ static int usb_host_handle_data(USBDevice *dev, USBPacket *p)
} }
v = 0; v = 0;
prem = p->iov.iov[v].iov_len; prem = 0;
pbuf = p->iov.iov[v].iov_base; pbuf = NULL;
rem = p->iov.size; rem = p->iov.size;
while (rem) { while (rem) {
if (prem == 0) { if (prem == 0) {
v++;
assert(v < p->iov.niov); assert(v < p->iov.niov);
prem = p->iov.iov[v].iov_len; prem = p->iov.iov[v].iov_len;
pbuf = p->iov.iov[v].iov_base; pbuf = p->iov.iov[v].iov_base;
assert(prem <= rem); assert(prem <= rem);
v++;
} }
aurb = async_alloc(s); aurb = async_alloc(s);
aurb->packet = p; aurb->packet = p;