QEMU

ohci doesn't check the 'num-ports' property

Bug #1581308 reported by Li Qiang on 2016-05-13

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	QEMU	Fix Released	Undecided	Unassigned

Bug Description

command:
qemu-system-x86_64 -m 1024 -enable-kvm /root/centos6.img -enable-kvm -device pci-ohci,num-ports=100,masterbus=1

The ohci doesn't check the 'num-ports' property and would case an out-of-bands write,crash the qemu process.

    ohci->num_ports = num_ports;
    if (masterbus) {
        USBPort *ports[OHCI_MAX_PORTS];
        for(i = 0; i < num_ports; i++) {
            ports[i] = &ohci->rhport[i].port;
        }

The version of qemu is 2.6.0 release from
http://wiki.qemu-project.org/download/qemu-2.6.0.tar.bz2

Revision history for this message

Thomas Huth (th-huth) wrote on 2016-05-23:

I was able to reproduce the crash, and proposed now a fix on the qemu-devel mailing list (see https://patchwork.ozlabs.org/patch/625092/ for details)

Revision history for this message

Thomas Huth (th-huth) wrote on 2016-05-23:

The fix has been included in the repository:

http://git.qemu.org/?p=qemu.git;a=commitdiff;h=d400fc018b326104d26

Thanks for reporting the issue!

Changed in qemu:
status:	New → Fix Released

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.