From: "andrzej zaborowski"
Date: Wed, 29 Nov 2006 14:51:24 +0000
Subject: Re: [Qemu-devel] qemu/pci: Unaligned config read/write overflow
To: qemu-devel@nongnu.org
Cc: Xen Development Mailing List, Keir Fraser
In-Reply-To: <20061128040441.GA7506@gondor.apana.org.au>

Hi,

On 28/11/06, Herbert Xu wrote:
> The default config read/write handlers allow a 4-byte read/write at
> address 255. This can clobber the field after the config area. This
> happens to be the PCIBus pointer in the PCIDevice structure.

An easier way to prevent the clobbering is to grow PCIDevice::config by three bytes.

Regards,
Andrew
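The overflow the thread describes, with the bounds check that stops it, as an added example that is not code from the thread or from QEMU: the struct below is a constructed stand-in for PCIDevice (a 256-byte config array followed by the bus pointer), and the two handlers reject any access that does not fit entirely inside config space.

```c
#include <stdint.h>
#include <string.h>

/* Constructed stand-in for the layout the report describes: 256 bytes of
 * config space immediately followed by the PCIBus pointer. A 4-byte access
 * at address 255 spans bytes 255..258, i.e. three bytes of the pointer. */
#define PCI_CONFIG_SPACE_SIZE 256

typedef struct PCIBus PCIBus;

typedef struct {
    uint8_t config[PCI_CONFIG_SPACE_SIZE];
    PCIBus *bus;   /* the field an unaligned write at 255 would clobber */
} PCIDevice;

/* Returns 1 if an access of `len` bytes at `address` lies wholly inside
 * config space. Computed as a subtraction so address + len cannot wrap. */
static int pci_config_access_in_bounds(uint32_t address, int len)
{
    if (len != 1 && len != 2 && len != 4)
        return 0;
    return address < PCI_CONFIG_SPACE_SIZE &&
           (uint32_t)len <= PCI_CONFIG_SPACE_SIZE - address;
}

/* Hardened default write handler: 1 if the write was performed, 0 if it
 * was rejected as out of bounds (and nothing was touched). */
int pci_config_write_checked(PCIDevice *d, uint32_t address, uint32_t val, int len)
{
    if (!pci_config_access_in_bounds(address, len))
        return 0;
    for (int i = 0; i < len; i++)              /* little-endian byte store */
        d->config[address + i] = (uint8_t)(val >> (8 * i));
    return 1;
}

/* Hardened default read handler: all-ones for a rejected access, the
 * conventional value for a PCI read that does not complete. */
uint32_t pci_config_read_checked(const PCIDevice *d, uint32_t address, int len)
{
    if (!pci_config_access_in_bounds(address, len))
        return ~0u;
    uint32_t val = 0;
    for (int i = 0; i < len; i++)
        val |= (uint32_t)d->config[address + i] << (8 * i);
    return val;
}

/* Self-check: a 4-byte write at 255 must leave the bus pointer intact. */
int pci_config_bus_pointer_survives_write_at_255(void)
{
    PCIDevice d;
    memset(&d, 0, sizeof d);
    d.bus = (PCIBus *)(uintptr_t)0x1234;       /* constructed sentinel value */
    int performed = pci_config_write_checked(&d, 255, 0xffffffffu, 4);
    return performed == 0 && d.bus == (PCIBus *)(uintptr_t)0x1234;
}
```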