acpi: Assert sts array limit on AcpiCpuHotplug_add()

AcpiCpuHotplug_add() can't handle vCPU arch IDs larger than ACPI_CPU_HOTPLUG_ID_LIMIT. Instead of corrupting memory in case the vCPU ID is too large, use g_assert() to ensure we are not over the limit. Signed-off-by: Eduardo Habkost <ehabkost@redhat.com> Reviewed-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
author: Eduardo Habkost <ehabkost@redhat.com> 2014-03-14 16:33:52 -0300
committer: Michael S. Tsirkin <mst@redhat.com> 2014-03-18 16:08:43 +0200
commit: 39ee3af3a85fedb55b9eeb1a0bc81a2460eeaa01 (patch)
tree: d98a5707aadaf29780a7d9baf676279e086bab5a /hw/acpi
parent: 5ff020b7b02dce36a66c106df986ff68f8452542 (diff)
download: qemu-39ee3af3a85fedb55b9eeb1a0bc81a2460eeaa01.tar.gz
1 files changed, 1 insertions, 0 deletions
diff --git a/hw/acpi/cpu_hotplug.c b/hw/acpi/cpu_hotplug.c
index 48928dc0ea..2ad83a0ede 100644
--- a/hw/acpi/cpu_hotplug.c
+++ b/hw/acpi/cpu_hotplug.c
@@ -43,6 +43,7 @@ void AcpiCpuHotplug_add(ACPIGPE *gpe, AcpiCpuHotplug *g, CPUState *cpu)
 
     *gpe->sts = *gpe->sts | ACPI_CPU_HOTPLUG_STATUS;
     cpu_id = k->get_arch_id(CPU(cpu));
+    g_assert((cpu_id / 8) < ACPI_GPE_PROC_LEN);
     g->sts[cpu_id / 8] |= (1 << (cpu_id % 8));
 }
author	Eduardo Habkost <ehabkost@redhat.com>	2014-03-14 16:33:52 -0300
committer	Michael S. Tsirkin <mst@redhat.com>	2014-03-18 16:08:43 +0200
commit	39ee3af3a85fedb55b9eeb1a0bc81a2460eeaa01 (patch)
tree	d98a5707aadaf29780a7d9baf676279e086bab5a /hw/acpi
parent	5ff020b7b02dce36a66c106df986ff68f8452542 (diff)
download	qemu-39ee3af3a85fedb55b9eeb1a0bc81a2460eeaa01.tar.gz