diff options
| author | Peter Maydell <peter.maydell@linaro.org> | 2014-05-07 14:51:21 +0100 |
|---|---|---|
| committer | Peter Maydell <peter.maydell@linaro.org> | 2014-05-07 14:51:21 +0100 |
| commit | c9541f67df48b2c01c4a3d0d7b719b51c6ac9f38 (patch) | |
| tree | f8ad04d1c144321bc43dcee27f0cf29c8c8f837f /hw/input/tsc210x.c | |
| parent | 7f8fea8b3d31ca396eb3c88bf97b543a86773774 (diff) | |
| parent | 8bc3923343e91902ca541112b3bdb5448f8d288e (diff) | |
| download | hqemu-c9541f67df48b2c01c4a3d0d7b719b51c6ac9f38.zip hqemu-c9541f67df48b2c01c4a3d0d7b719b51c6ac9f38.tar.gz | |
Merge remote-tracking branch 'remotes/juanquintela/tags/migration/20140505' into staging
migration/next for 20140505
# gpg: Signature made Mon 05 May 2014 21:27:24 BST using RSA key ID 5872D723
# gpg: Can't check signature: public key not found
* remotes/juanquintela/tags/migration/20140505: (36 commits)
migration: expose xbzrle cache miss rate
migration: expose the bitmap_sync_count to the end
migration: Add counts of updating the dirty bitmap
XBZRLE: Fix one XBZRLE corruption issues
migration: remove duplicate code
Coverity: Fix failure path for qemu_accept in migration
Init the XBZRLE.lock in ram_mig_init
Provide init function for ram migration
Count used RAMBlock pages for migration_dirty_pages
Make qemu_peek_buffer loop until it gets it's data
Disallow outward migration while awaiting incoming migration
virtio: validate config_len on load
virtio-net: out-of-bounds buffer write on load
openpic: avoid buffer overrun on incoming migration
ssi-sd: fix buffer overrun on invalid state load
savevm: Ignore minimum_version_id_old if there is no load_state_old
usb: sanity check setup_index+setup_len in post_load
vmstate: s/VMSTATE_INT32_LE/VMSTATE_INT32_POSITIVE_LE/
virtio-scsi: fix buffer overrun on invalid state load
zaurus: fix buffer overrun on invalid state load
...
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Diffstat (limited to 'hw/input/tsc210x.c')
| -rw-r--r-- | hw/input/tsc210x.c | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/hw/input/tsc210x.c b/hw/input/tsc210x.c index 485c9e5..aa5b688 100644 --- a/hw/input/tsc210x.c +++ b/hw/input/tsc210x.c @@ -1070,9 +1070,21 @@ static int tsc210x_load(QEMUFile *f, void *opaque, int version_id) s->enabled = qemu_get_byte(f); s->host_mode = qemu_get_byte(f); s->function = qemu_get_byte(f); + if (s->function < 0 || s->function >= ARRAY_SIZE(mode_regs)) { + return -EINVAL; + } s->nextfunction = qemu_get_byte(f); + if (s->nextfunction < 0 || s->nextfunction >= ARRAY_SIZE(mode_regs)) { + return -EINVAL; + } s->precision = qemu_get_byte(f); + if (s->precision < 0 || s->precision >= ARRAY_SIZE(resolution)) { + return -EINVAL; + } s->nextprecision = qemu_get_byte(f); + if (s->nextprecision < 0 || s->nextprecision >= ARRAY_SIZE(resolution)) { + return -EINVAL; + } s->filter = qemu_get_byte(f); s->pin_func = qemu_get_byte(f); s->ref = qemu_get_byte(f); |
