diff options
| author | Alon Levy <alevy@redhat.com> | 2012-02-26 17:09:21 +0100 |
|---|---|---|
| committer | Gerd Hoffmann <kraxel@redhat.com> | 2012-02-27 13:37:36 +0100 |
| commit | 8db36e9dddb1b6fab3554a8c00d92268b33a487b (patch) | |
| tree | 303227f25d7569061e9636bdcb5e4f007cb2e0fb /qapi/qmp-output-visitor.c | |
| parent | aa0568ff2559d7717f4684af6a83d0bd1a125f56 (diff) | |
| download | hqemu-8db36e9dddb1b6fab3554a8c00d92268b33a487b.zip hqemu-8db36e9dddb1b6fab3554a8c00d92268b33a487b.tar.gz | |
usb-desc: fix user trigerrable segfaults (!config)
Check for dev->config being NULL in two places:
USB_REQ_GET_CONFIGURATION and USB_REQ_GET_STATUS.
The behavior of USB_REQ_GET_STATUS is unspecified in the Default state,
that corresponds to dev->config being NULL (it defaults to NULL and is
reset whenever a SET_CONFIGURATION with value 0, or attachment). I
implemented it to correspond with the state before
ed5a83ddd8c1d8ec7b1015315530cf29949e7c48, the commit moving SET_STATUS
to usb-desc; if dev->config is not set we return whatever is in the
first configuration.
The behavior of USB_REQ_GET_CONFIGURATION is also undefined before any
SET_CONFIGURATION, but here we just return 0 (same as specified for the
Address state).
A win7 guest failed to initialize the device before this patch,
segfaulting when GET_STATUS was called with dev->config == NULL. With
this patch the passthrough device still doesn't work but the failure is
unrelated.
Signed-off-by: Alon Levy <alevy@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Diffstat (limited to 'qapi/qmp-output-visitor.c')
0 files changed, 0 insertions, 0 deletions
