On Thu, Oct 24, 2019 at 05:09:28AM -0400, Jagannathan Raman wrote:
> @@ -93,7 +94,8 @@ static void process_config_write(MPQemuMsg *msg)
>      struct conf_data_msg *conf = (struct conf_data_msg *)msg->data2;
>  
>      qemu_mutex_lock_iothread();
> -    pci_default_write_config(remote_pci_dev, conf->addr, conf->val, conf->l);
> +    pci_default_write_config(remote_pci_devs[msg->id], conf->addr, conf->val,
> +                             conf->l);
>      qemu_mutex_unlock_iothread();
>  }
>  
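Review bot: conf->addr and conf->l arrive in the same socket message as msg->id (conf is cast from msg->data2 on the first line of this hunk) and are handed straight to pci_default_write_config, which to my knowledge does not range-check addr/l itself — its normal callers bound them first. Unless the receive path already validates the payload before process_config_write is entered, the accessed range should be checked against the device's config space before the call, e.g. `uint32_t size = pci_config_size(remote_pci_devs[msg->id]);` followed by `if (conf->l > size || conf->addr > size - conf->l) { ... reject and return ... }` (written this way to avoid the addr+l overflow). The same applies to the process_config_read hunk below, where the unchecked range is read instead of written. Both functions begin above their hunks, so an earlier check may exist that is not visible here.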
> @@ -106,7 +108,8 @@ static void process_config_read(MPQemuMsg *msg)
>      wait = msg->fds[0];
>  
>      qemu_mutex_lock_iothread();
> -    val = pci_default_read_config(remote_pci_dev, conf->addr, conf->l);
> +    val = pci_default_read_config(remote_pci_devs[msg->id], conf->addr,
> +                                  conf->l);
>      qemu_mutex_unlock_iothread();
>  
>      notify_proxy(wait, val);

msg->id was read from a socket and hasn't been validated before indexing
into remote_pci_devs[].

