mirror of https://gitee.com/openkylin/qemu.git
usb-host: don't dereference invalid iovecs
usb-host assumes the first iovec element is always valid. In case of a zero-length packet this isn't true though. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
parent
6d7aeeeb89
commit
818d59dc17
|
@ -884,16 +884,16 @@ static int usb_host_handle_data(USBDevice *dev, USBPacket *p)
|
|||
}
|
||||
|
||||
v = 0;
|
||||
prem = p->iov.iov[v].iov_len;
|
||||
pbuf = p->iov.iov[v].iov_base;
|
||||
prem = 0;
|
||||
pbuf = NULL;
|
||||
rem = p->iov.size;
|
||||
while (rem) {
|
||||
if (prem == 0) {
|
||||
v++;
|
||||
assert(v < p->iov.niov);
|
||||
prem = p->iov.iov[v].iov_len;
|
||||
pbuf = p->iov.iov[v].iov_base;
|
||||
assert(prem <= rem);
|
||||
v++;
|
||||
}
|
||||
aurb = async_alloc(s);
|
||||
aurb->packet = p;
|
||||
|
|
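Review bot: The only guards on the `p->iov.iov[v]` reads in the refill branch are `assert(v < p->iov.niov)` and `assert(prem <= rem)`, so an inconsistent iovec either aborts the whole QEMU process or, in a build where assertions are compiled out, reads past the array. If the element count and lengths can be shaped by the guest through the host-controller emulation (not visible in this hunk), an explicit check that fails the packet would be safer, e.g. `if (v >= p->iov.niov || p->iov.iov[v].iov_len > rem) { return USB_RET_STALL; }`, ideally validated before the loop so that no URB is in flight when the packet is rejected. The branch also refills only once, so an element with `iov_len == 0` would reach `async_alloc()` with `prem == 0`; the rest of the loop body is outside the hunk, so confirm it tolerates that or make the refill `while (prem == 0)`. A comment above `prem = 0;` such as `/* load the first element lazily: a zero-length packet has no valid iov[0] */` would record why the initial values are no longer read from the iovec.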