On Wed, Feb 21, 2018 at 12:11:00PM +0100, Gerd Hoffmann wrote:
> > > +static void usb_mtp_write_data(MTPState *s)
> > > +{
> > > + MTPData *d = s->data_out;
> > > + MTPObject *parent =
> > > + usb_mtp_object_lookup(s, s->dataset.parent_handle);
> > > + char *path = NULL;
> > > + int rc = -1;
> > > + mode_t mask = 0644;
> > > +
> > > + assert(d != NULL);
> > > +
> >
> >
> > Somewhere in here should surely be validating the "readonly" flag.
> >
> > > + if (parent == NULL || !s->write_pending) {
>
> Does happens here. With a readonly device write_pending should
> never be true.
Unless I'm mis-understanding the flow, the next patch appears to set
write_pending = true, in response to a guest command, without checking
the readonly flag.
>
> > > + usb_mtp_queue_result(s, RES_INVALID_OBJECTINFO, d->trans,
> > > + 0, 0, 0, 0);
> > > + return;
> > > + }
>
> But adding an "assert(!readonly)" here as double-check surely doesn't hurt.
>
> cheers,
> Gerd
>
Regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
