diff options
| author | SeokYeon Hwang <syeon.hwang@samsung.com> | 2014-06-25 15:14:36 +0900 |
|---|---|---|
| committer | SeokYeon Hwang <syeon.hwang@samsung.com> | 2014-06-25 00:12:59 -0700 |
| commit | cfc381fffc19a4b0fe68e3ba10b261e13005c65d (patch) | |
| tree | d78c5c1eb283bdadf0be71ce5c37b848d893687b /hw | |
| parent | 3e2af16f7c721033873c61315c31712428aec0bf (diff) | |
| download | qemu-cfc381fffc19a4b0fe68e3ba10b261e13005c65d.tar.gz qemu-cfc381fffc19a4b0fe68e3ba10b261e13005c65d.tar.bz2 qemu-cfc381fffc19a4b0fe68e3ba10b261e13005c65d.zip | |
pci: add device realization check before the capability is unlinked
"pdev" and its member may be unrealized and be freed, so accessing a member of "pdev" is able to cause heap memory corruption.
Check the change of "device_unparent()" in the commit 5c21ce77d7e5643089ceec556c0408445d017f32.
Change-Id: Iacb195a092c86d4c677ad0404582af104b2251ae
Signed-off-by: SeokYeon Hwang <syeon.hwang@samsung.com>
Diffstat (limited to 'hw')
| -rw-r--r-- | hw/pci/pci.c | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/hw/pci/pci.c b/hw/pci/pci.c index 2a9f08eb0a..cdc8ee23d9 100644 --- a/hw/pci/pci.c +++ b/hw/pci/pci.c @@ -2056,7 +2056,11 @@ int pci_add_capability(PCIDevice *pdev, uint8_t cap_id, /* Unlink capability from the pci config space. */ void pci_del_capability(PCIDevice *pdev, uint8_t cap_id, uint8_t size) { - uint8_t prev, offset = pci_find_capability_list(pdev, cap_id, &prev); + uint8_t prev, offset; + if (!(pdev->qdev.realized)) { + return; + } + offset = pci_find_capability_list(pdev, cap_id, &prev); if (!offset) return; pdev->config[prev] = pdev->config[offset + PCI_CAP_LIST_NEXT]; |