23 lines
696 B
Diff
23 lines
696 B
Diff
|
CVE-2017-8112
|
||
|
|
||
|
https://lists.gnu.org/archive/html/qemu-devel/2017-04/msg04494.html
|
||
|
---
|
||
|
hw/scsi/vmw_pvscsi.c | 2 +-
|
||
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
||
|
|
||
|
diff --git a/hw/scsi/vmw_pvscsi.c b/hw/scsi/vmw_pvscsi.c
|
||
|
index 7557546..4a106da 100644
|
||
|
--- a/hw/scsi/vmw_pvscsi.c
|
||
|
+++ b/hw/scsi/vmw_pvscsi.c
|
||
|
@@ -202,7 +202,7 @@ pvscsi_ring_init_msg(PVSCSIRingInfo *m, PVSCSICmdDescSetupMsgRing *ri)
|
||
|
uint32_t len_log2;
|
||
|
uint32_t ring_size;
|
||
|
|
||
|
- if (ri->numPages > PVSCSI_SETUP_MSG_RING_MAX_NUM_PAGES) {
|
||
|
+ if (!ri->numPages || ri->numPages > PVSCSI_SETUP_MSG_RING_MAX_NUM_PAGES) {
|
||
|
return -1;
|
||
|
}
|
||
|
ring_size = ri->numPages * PVSCSI_MAX_NUM_MSG_ENTRIES_PER_PAGE;
|
||
|
--
|
||
|
2.9.3
|