usb-host: don't dereference invalid iovecs

usb-host assumes the first iovec element is always valid.
In case of a zero-length packet this isn't true though.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
This commit is contained in:
Gerd Hoffmann 2012-04-19 13:35:07 +02:00
parent 6d7aeeeb89
commit 818d59dc17
1 changed files with 3 additions and 3 deletions

View File

@ -884,16 +884,16 @@ static int usb_host_handle_data(USBDevice *dev, USBPacket *p)
}
v = 0;
prem = p->iov.iov[v].iov_len;
pbuf = p->iov.iov[v].iov_base;
prem = 0;
pbuf = NULL;
rem = p->iov.size;
while (rem) {
if (prem == 0) {
v++;
assert(v < p->iov.niov);
prem = p->iov.iov[v].iov_len;
pbuf = p->iov.iov[v].iov_base;
assert(prem <= rem);
v++;
}
aurb = async_alloc(s);
aurb->packet = p;