Message-ID: <51A76F33.2070606@suse.de>
Date: Thu, 30 May 2013 17:24:35 +0200
From: Andreas Färber
References: <1369926574-27285-1-git-send-email-imammedo@redhat.com>
In-Reply-To: <1369926574-27285-1-git-send-email-imammedo@redhat.com>
Subject: Re: [Qemu-devel] [PATCH] target-i386: pc: fix crash when attempting hotplug CPU with negative ID
To: Igor Mammedov
Cc: qemu-devel@nongnu.org

On 30.05.2013 17:09, Igor Mammedov wrote:
> QMP command "{ 'execute': 'cpu-add', 'arguments': { 'id': -1 }}" may cause
> QEMU SIGSEGV at:
>   piix4_cpu_hotplug_req ()
>   ...
>   g->sts[cpu_id / 8] |= (1 << (cpu_id % 8));
>   ...
>
> Since for PC in current implementation id should be in range [0...maxcpus)
> and maxcpus already checked, add check for lower bound and error out
> on incorrect value.
>
> Signed-off-by: Igor Mammedov
> ---
>  hw/i386/pc.c |    5 +++++
>  1 files changed, 5 insertions(+), 0 deletions(-)

Thanks, applied to qom-cpu (with commit message massaged a bit):
https://github.com/afaerber/qemu-cpu/commits/qom-cpu

Andreas

-- 
SUSE LINUX Products GmbH, Maxfeldstr. 5, 90409 Nürnberg, Germany
GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer; HRB 16746 AG Nürnberg
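
The bug class described in the commit message above, as an added example (not the patch applied to QEMU, whose hunk is not shown on this page): a per-CPU status bitmap setter that rejects IDs outside [0, max), with helpers showing what the unchecked index and shift evaluate to for negative IDs. `struct cpu_status`, `cpu_status_set`, `MAX_CPUS` and the sample IDs are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_CPUS 16                      /* constructed limit standing in for maxcpus */
#define STS_LEN  ((MAX_CPUS + 7) / 8)    /* one status bit per CPU */

struct cpu_status {                      /* hypothetical stand-in for the object behind g->sts */
    uint8_t sts[STS_LEN];
};

/* What the unchecked expression computes. C division truncates toward zero,
 * so a negative id yields a negative or zero index and a negative shift count. */
static int64_t unchecked_index(int64_t cpu_id) { return cpu_id / 8; }
static int64_t unchecked_shift(int64_t cpu_id) { return cpu_id % 8; }

/* Hardened setter: returns 0 on success, -1 if cpu_id is outside [0, max_cpus). */
static int cpu_status_set(struct cpu_status *g, int64_t cpu_id, int64_t max_cpus)
{
    if (cpu_id < 0) {                    /* lower bound, the missing check */
        return -1;
    }
    if (cpu_id >= max_cpus || cpu_id >= MAX_CPUS) {   /* upper bound and array size */
        return -1;
    }
    g->sts[cpu_id / 8] |= (uint8_t)(1u << (cpu_id % 8));
    return 0;
}

int main(void)
{
    const int64_t ids[] = { -4096, -9, -1, 0, 9, 16 };   /* constructed inputs */
    struct cpu_status g;
    memset(&g, 0, sizeof(g));
    for (size_t i = 0; i < sizeof(ids) / sizeof(ids[0]); i++) {
        printf("id=%lld unchecked sts[%lld] shift=%lld -> %s\n",
               (long long)ids[i], (long long)unchecked_index(ids[i]),
               (long long)unchecked_shift(ids[i]),
               cpu_status_set(&g, ids[i], MAX_CPUS) == 0 ? "set" : "rejected");
    }
    return 0;
}
```

For id -1 the unchecked index is 0 but the shift count is -1, which is undefined behaviour in C; larger negative IDs index memory before the array.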