From 6e3d652ab204c6f8f1846639bca802fb9c8a9a6d Mon Sep 17 00:00:00 2001
From: Juan Quintela
Date: Wed, 16 Apr 2014 13:31:26 +0200
Subject: savevm: Remove all the unneeded version_minimum_id_old (usb) After previous Peter patch, they are redundant. This way we don't assign them except when needed. Once there, there were lots of case where the ".fields" indentation was wrong: .fields = (VMStateField []) { and .fields = (VMStateField []) { Change all the combinations to: .fields = (VMStateField[]){ The biggest problem (appart from aesthetics) was that checkpatch complained when we copy&pasted the code from one place to another. Signed-off-by: Juan Quintela Acked-by: Gerd Hoffmann
---
 hw/usb/bus.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'hw/usb/bus.c')
diff --git a/hw/usb/bus.c b/hw/usb/bus.c
index e48b19fc29..699aa1075d 100644
--- a/hw/usb/bus.c
+++ b/hw/usb/bus.c
@@ -63,7 +63,7 @@ const VMStateDescription vmstate_usb_device = {
 .version_id = 1,
 .minimum_version_id = 1,
 .post_load = usb_device_post_load,
- .fields = (VMStateField []) {
+ .fields = (VMStateField[]) {
 VMSTATE_UINT8(addr, USBDevice),
 VMSTATE_INT32(state, USBDevice),
 VMSTATE_INT32(remote_wakeup, USBDevice),
-- 
cgit v1.2.3
From 719ffe1f5f72b1c7ace4afe9ba2815bcb53a829e Mon Sep 17 00:00:00 2001
From: "Michael S. Tsirkin"
Date: Tue, 13 May 2014 12:33:16 +0300
Subject: usb: fix up post load checks Correct post load checks: 1. dev->setup_len == sizeof(dev->data_buf) seems fine, no need to fail migration 2. When state is DATA, passing index > len will cause memcpy with negative length, resulting in heap overflow First of the issues was reported by dgilbert. Reported-by: "Dr. David Alan Gilbert" Signed-off-by: Michael S. Tsirkin Signed-off-by: Juan Quintela
---
 hw/usb/bus.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
(limited to 'hw/usb/bus.c')
diff --git a/hw/usb/bus.c b/hw/usb/bus.c
index 699aa1075d..927a47bbff 100644
--- a/hw/usb/bus.c
+++ b/hw/usb/bus.c
@@ -51,8 +51,8 @@ static int usb_device_post_load(void *opaque, int version_id)
 }
 if (dev->setup_index < 0 ||
 dev->setup_len < 0 ||
- dev->setup_index >= sizeof(dev->data_buf) ||
- dev->setup_len >= sizeof(dev->data_buf)) {
+ dev->setup_index > dev->setup_len ||
+ dev->setup_len > sizeof(dev->data_buf)) {
 return -EINVAL;
 }
 return 0;
-- 
cgit v1.2.3
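Review bot: The rewritten bounds check in usb_device_post_load has no comment stating the invariant it enforces on values loaded from the migration stream, which makes it easy to weaken again in a later cleanup; I would add `/* Migration data is untrusted: require 0 <= setup_index <= setup_len <= sizeof(data_buf) */` above the `if`. The commit message ties the `setup_index > setup_len` clause to a memcpy whose length would otherwise go negative, but that memcpy is not in this hunk, so the comment should name the consumer it protects. The rejection path returns `-EINVAL` with no diagnostic, so a malformed or tampered stream looks like any other load error; reporting which field was out of range before returning would help whoever investigates the failed migration. The function body begins above the hunk.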