qemu/hw
Daniella Lee bacf58ca18 Fix bad overflow check in hw/pci/pcie.c
Original qemu commit hash: 14d02cfbe4adaeebe7cb833a8cc71191352cf03b

In function pcie_add_capability, an assert contains the
"offset < offset + size" expression.
Both the variable offset and the variable size are uint16_t,
so the comparison is always true due to type promotion.
The next expression may be the same.

It might be like this:
Thread 1 "qemu-system-x86" hit Breakpoint 1, pcie_add_capability (
    dev=0x555557ce5f10, cap_id=1, cap_ver=2 '\002', offset=256, size=72)
    at ../hw/pci/pcie.c:930
930	{
(gdb) n
931	    assert(offset >= PCI_CONFIG_SPACE_SIZE);
(gdb) n
932	    assert(offset < offset + size);
(gdb) p offset
$1 = 256
(gdb) p offset < offset + size
$2 = 1
(gdb) set offset=65533
(gdb) p offset < offset + size
$3 = 1
(gdb) p offset < (uint16_t)(offset + size)
$4 = 0

Signed-off-by: Daniella Lee <daniellalee111@gmail.com>
Message-Id: <20211126061324.47331-1-daniellalee111@gmail.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2021-11-29 08:49:36 -05:00
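As an added illustration (not QEMU's code and not the fix applied by this commit), the block below contrasts the promoted comparison quoted in the commit message with the truncating comparison from the gdb session and with a range check computed in a wider type. The config-space bounds (256 and 4096 bytes) are assumed from the PCI and PCIe specifications; the helper names are hypothetical.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

/* Assumed bounds: legacy PCI config space and PCIe extended config space. */
#define PCI_CONFIG_SPACE_SIZE  256
#define PCIE_CONFIG_SPACE_SIZE 4096

/* The check as quoted from the commit message. Both operands are uint16_t,
 * so C promotes them to int before the addition: the sum never wraps and
 * the comparison is true for every non-zero size. */
bool cap_fits_promoted(uint16_t offset, uint16_t size)
{
    return offset < offset + size;
}

/* Same comparison with the sum truncated back to uint16_t, as in the gdb
 * session above: a 16-bit wrap-around now makes the check fail. */
bool cap_fits_truncated(uint16_t offset, uint16_t size)
{
    return offset < (uint16_t)(offset + size);
}

/* Hypothetical placement check: widen to 32 bits so the end offset cannot
 * wrap, then require the capability to lie inside extended config space. */
bool cap_in_config_space(uint16_t offset, uint16_t size)
{
    uint32_t end = (uint32_t)offset + size;
    return offset >= PCI_CONFIG_SPACE_SIZE && size > 0 &&
           end <= PCIE_CONFIG_SPACE_SIZE;
}

int main(void)
{
    /* Constructed inputs: the values from the gdb session on this page. */
    uint16_t offsets[] = { 256, 65533 };
    uint16_t size = 72;
    for (int i = 0; i < 2; i++) {
        printf("offset=%u size=%u promoted=%d truncated=%d in_space=%d\n",
               offsets[i], size,
               cap_fits_promoted(offsets[i], size),
               cap_fits_truncated(offsets[i], size),
               cap_in_config_space(offsets[i], size));
    }
    return 0;
}
```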
9pfs 9pfs: use P9Array in v9fs_walk() 2021-10-27 14:45:22 +02:00
acpi failover: fix unplug pending detection 2021-11-28 17:03:52 -05:00
adc hw/adc: Add basic Aspeed ADC model 2021-10-12 08:20:08 +02:00
alpha hw/alpha: Provide a PCI-ISA bridge device node 2021-06-28 07:27:32 -07:00
arm hw/arm/virt: Rename default_bus_bypass_iommu 2021-11-02 14:14:55 -04:00
audio qbus: Rename qbus_create_inplace() to qbus_init() 2021-09-30 13:42:10 +01:00
avr
block qbus: Rename qbus_create_inplace() to qbus_init() 2021-09-30 13:42:10 +01:00
char escc: update the R_SPEC register SPEC_ALLSENT bit when writing to W_TXCTRL1 2021-11-21 09:56:52 +00:00
core hw/nvme: change nvme-ns 'shared' default 2021-11-19 07:31:56 +01:00
cpu
cris
display macfb: fix a memory leak (CID 1465231) 2021-11-09 16:42:49 +01:00
dma hw/dma: sifive_pdma: Don't run DMA when channel is disclaimed 2021-10-07 08:41:33 +10:00
gpio hw: aspeed_gpio: Fix GPIO array indexing 2021-10-12 08:20:08 +02:00
hppa
hyperv qbus: Rename qbus_create() to qbus_new() 2021-09-30 13:44:08 +01:00
i2c aspeed/i2c: QOMify AspeedI2CBus 2021-10-12 08:20:08 +02:00
i386 intel-iommu: ignore leaf SNP bit in scalable mode 2021-11-29 08:49:36 -05:00
ide ide: Cap LBA28 capacity announcement to 2^28-1 2021-11-02 13:02:46 +01:00
input hw/input/lasips2: Fix typos in function names 2021-10-31 21:05:40 +01:00
intc hw/intc/arm_gicv3_its: Revert version increments in vmstate_its 2021-11-22 18:17:19 +00:00
ipack qbus: Rename qbus_create_inplace() to qbus_init() 2021-09-30 13:42:10 +01:00
ipmi ipmi/sim: fix watchdog_expired data type error in IPMIBmcSim struct 2021-07-08 14:15:01 -05:00
isa vt82c686: Add a method to VIA_ISA to raise ISA interrupts 2021-10-18 00:41:36 +02:00
m68k m68k pull request 20211109 2021-11-09 13:16:56 +01:00
mem hw/mem/pc-dimm: Restrict NUMA-specific code to NUMA machines 2021-11-11 03:13:05 -05:00
microblaze
mips hw/mips/boston: Add FDT generator 2021-10-18 00:41:36 +02:00
misc hw/misc/sifive_u_otp: Do not reset OTP content on hardware reset 2021-11-22 10:46:22 +10:00
net net: vmxnet3: validate configuration values during activate (CVE-2021-20203) 2021-11-19 11:43:47 +08:00
nios2
nubus qbus: Rename qbus_create_inplace() to qbus_init() 2021-09-30 13:42:10 +01:00
nvme hw/nvme: fix buffer overrun in nvme_changed_nslist (CVE-2021-3947) 2021-11-19 07:32:19 +01:00
nvram hw/nvram: Fix Memory Leak in Xilinx ZynqMP eFuse device 2021-10-23 18:50:33 +02:00
openrisc
pci Fix bad overflow check in hw/pci/pcie.c 2021-11-29 08:49:36 -05:00
pci-bridge qdev: Make DeviceState.id independent of QemuOpts 2021-10-15 16:06:35 +02:00
pci-host hw/sh4: Coding style: White space fixes 2021-10-30 11:46:40 +02:00
pcmcia
ppc spapr_numa.c: fix FORM1 distance-less nodes 2021-11-10 13:48:13 +01:00
rdma qapi: introduce x-query-rdma QMP command 2021-11-02 15:55:14 +00:00
remote hw/remote/proxy: Categorize Wireless devices as 'Network' ones 2021-10-04 09:47:26 +02:00
riscv hw/riscv: opentitan: Fixup the PLIC context addresses 2021-10-28 14:39:23 +10:00
rtc hw/rtc/pl031: Send RTC_CHANGE QMP event 2021-11-15 18:53:00 +00:00
rx
s390x pci: Export pci_for_each_device_under_bus*() 2021-11-01 19:36:11 -04:00
scsi esp: ensure that async_len is reset to 0 during esp_hard_reset() 2021-11-19 10:14:30 +01:00
sd hw/sd: add nuvoton MMC 2021-11-02 14:14:55 -04:00
sensor hw/misc: Add Infineon DPS310 sensor model 2021-09-20 08:50:59 +02:00
sh4 hw/intc/sh_intc: Inline and drop sh_intc_source() function 2021-10-30 18:39:37 +02:00
smbios
sparc sun4m: fix setting CPU id when more than one CPU is present 2021-09-08 11:09:45 +01:00
sparc64 hw/block/fdc: Extract ISA floppy controllers to fdc-isa.c 2021-06-25 08:53:28 -04:00
ssi aspeed/smc: Use a container for the flash mmio address space 2021-10-22 09:52:17 +02:00
timer hw/timer/sh_timer: Remove use of hw_error 2021-10-30 18:39:37 +02:00
tpm tpm: mark correct memory region range dirty when clearing RAM 2021-10-02 08:43:21 +02:00
tricore hw/tricore: fix inclusion of tricore_testboard 2021-07-20 20:10:21 +02:00
usb Initial conversion of HMP debugging commands to QMP 2021-11-03 08:04:32 -04:00
vfio vfio: Fix memory leak of hostwin 2021-11-17 11:25:55 -07:00
virtio virtio-balloon: correct used length 2021-11-29 08:49:36 -05:00
watchdog watchdog: remove select_watchdog_action 2021-11-02 15:57:27 +01:00
xen pci: Export pci_for_each_device_under_bus*() 2021-11-01 19:36:11 -04:00
xenpv
xtensa
Kconfig hw/arm: xlnx-zcu102: Add Xilinx eFUSE device 2021-09-30 13:42:10 +01:00
meson.build sensor: Move hardware sensors from misc to a sensor directory 2021-06-17 07:10:32 -05:00