From: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Date: Sat, 24 Oct 2020 20:39:00 +0000 (+0200)
Subject: pci: Assert irqnum is between 0 and bus->nirqs in pci_bus_change_irq_level
X-Git-Url: http://git.maquefel.me/?a=commitdiff_plain;h=459ca8bfa41b42b9d80739929f09f792207f15f3;p=qemu.git

pci: Assert irqnum is between 0 and bus->nirqs in pci_bus_change_irq_level

These assertions similar to those in the adjacent pci_bus_get_irq_level()
function ensure that irqnum lies within the valid PCI bus IRQ range.

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Message-Id: <20201011082022.3016-1-mark.cave-ayland@ilande.co.uk>
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <20201024203900.3619498-3-f4bug@amsat.org>
Reviewed-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
---

diff --git a/hw/pci/pci.c b/hw/pci/pci.c
index 081ddcadd1..dc4019865b 100644
--- a/hw/pci/pci.c
+++ b/hw/pci/pci.c
@@ -250,6 +250,8 @@ static inline void pci_set_irq_state(PCIDevice *d, int irq_num, int level)
 
 static void pci_bus_change_irq_level(PCIBus *bus, int irq_num, int change)
 {
+    assert(irq_num >= 0);
+    assert(irq_num < bus->nirq);
     bus->irq_count[irq_num] += change;
     bus->set_irq(bus->irq_opaque, irq_num, bus->irq_count[irq_num] != 0);
 }