diff options
Diffstat (limited to 'hw')
| -rw-r--r-- | hw/virtio/virtio.c | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/hw/virtio/virtio.c b/hw/virtio/virtio.c index aeabf3a459..05f05e7c10 100644 --- a/hw/virtio/virtio.c +++ b/hw/virtio/virtio.c @@ -891,7 +891,8 @@ int virtio_set_features(VirtIODevice *vdev, uint32_t val) int virtio_load(VirtIODevice *vdev, QEMUFile *f) { - int num, i, ret; + int i, ret; + uint32_t num; uint32_t features; uint32_t supported_features; BusState *qbus = qdev_get_parent_bus(DEVICE(vdev)); @@ -919,6 +920,11 @@ int virtio_load(VirtIODevice *vdev, QEMUFile *f) num = qemu_get_be32(f); + if (num > VIRTIO_PCI_QUEUE_MAX) { + error_report("Invalid number of PCI queues: 0x%x", num); + return -1; + } + for (i = 0; i < num; i++) { vdev->vq[i].vring.num = qemu_get_be32(f); if (k->has_variable_vring_alignment) { |