Commit 962d4b28 authored by Blue Swirl's avatar Blue Swirl
Browse files

fw_cfg: fix crash if FW_CFG_WRITE_CHANNEL is used incorrectly 



Avoid a crash if the guest combines FW_CFG_WRITE_CHANNEL with
a wrong value.

Signed-off-by: default avatarBlue Swirl <blauwirbel@gmail.com>
parent 9f8d2a09

hw/fw_cfg.c

+2 −1
Original line number Diff line number Diff line
@@ -214,7 +214,8 @@ static void fw_cfg_write(FWCfgState *s, uint8_t value) 


    FW_CFG_DPRINTF("write %d\n", value);



    if (s->cur_entry & FW_CFG_WRITE_CHANNEL && s->cur_offset < e->len) {

    if (s->cur_entry & FW_CFG_WRITE_CHANNEL && e->callback &&

        s->cur_offset < e->len) {

        e->data[s->cur_offset++] = value;

        if (s->cur_offset == e->len) {

            e->callback(e->callback_opaque, e->data);