From: Marc-André Lureau <marcandre.lureau@redhat.com>
Date: Fri, 19 Jun 2015 11:00:32 +0000 (+0200)
Subject: ivhsmem: read do not accept more than sizeof(long)
X-Git-Url: http://git.maquefel.me/?a=commitdiff_plain;h=b8ab854b27e9b88d9b85b4c572049b29cb96de43;p=qemu.git

ivhsmem: read do not accept more than sizeof(long)

ivshmem_read() only reads sizeof(long) from the input buffer.  Accepting
more could lead to fifo8 abort() on 32bit systems if fifo is not empty.

A following patch will change the protocol to 64-bit little-endian
instead.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Claudio Fontana <claudio.fontana@huawei.com>
---

diff --git a/hw/misc/ivshmem.c b/hw/misc/ivshmem.c
index cc76989a39..fb53b3ff33 100644
--- a/hw/misc/ivshmem.c
+++ b/hw/misc/ivshmem.c
@@ -272,7 +272,7 @@ static void ivshmem_receive(void *opaque, const uint8_t *buf, int size)
 
 static int ivshmem_can_receive(void * opaque)
 {
-    return 8;
+    return sizeof(long);
 }
 
 static void ivshmem_event(void *opaque, int event)