pci: Common overflow prevention

Introduce pci_config_read/write_common helpers to prevent passing accesses down the callback chain that go beyond the config space limits. Adjust length assertions as they are no longer correct (cutting may generate valid 3 byte accesses). Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
author: Jan Kiszka <jan.kiszka@siemens.com> 2011-07-22 11:05:01 +0200
committer: Michael S. Tsirkin <mst@redhat.com> 2011-07-27 10:57:22 +0300
commit: 42e4126b793d15ec40f3a84017e1d8afecda1b6d (patch)
tree: cad2ca961f45dbfca771a370cf8fd95c47cd09ba /hw/pci.c
parent: 85dde9a90b9d26273ef531d344b2cdfee9a6683d (diff)
1 files changed, 2 insertions, 4 deletions
diff --git a/hw/pci.c b/hw/pci.c
index b904a4ecb6..ef94739718 100644
--- a/hw/pci.c
+++ b/hw/pci.c
@@ -1108,8 +1108,7 @@ uint32_t pci_default_read_config(PCIDevice *d,
                                  uint32_t address, int len)
 {
     uint32_t val = 0;
-    assert(len == 1 || len == 2 || len == 4);
-    len = MIN(len, pci_config_size(d) - address);
+
     memcpy(&val, d->config + address, len);
     return le32_to_cpu(val);
 }
@@ -1117,9 +1116,8 @@ uint32_t pci_default_read_config(PCIDevice *d,
 void pci_default_write_config(PCIDevice *d, uint32_t addr, uint32_t val, int l)
 {
     int i, was_irq_disabled = pci_irq_disabled(d);
-    uint32_t config_size = pci_config_size(d);
 
-    for (i = 0; i < l && addr + i < config_size; val >>= 8, ++i) {
+    for (i = 0; i < l; val >>= 8, ++i) {
         uint8_t wmask = d->wmask[addr + i];
         uint8_t w1cmask = d->w1cmask[addr + i];
         assert(!(wmask & w1cmask));
author	Jan Kiszka <jan.kiszka@siemens.com>	2011-07-22 11:05:01 +0200
committer	Michael S. Tsirkin <mst@redhat.com>	2011-07-27 10:57:22 +0300
commit	42e4126b793d15ec40f3a84017e1d8afecda1b6d (patch)
tree	cad2ca961f45dbfca771a370cf8fd95c47cd09ba /hw/pci.c
parent	85dde9a90b9d26273ef531d344b2cdfee9a6683d (diff)