From: Igor Mammedov <imammedo@redhat.com>
Date: Thu, 30 May 2013 15:09:34 +0000 (+0200)
Subject: pc: Fix crash when attempting to hotplug CPU with negative ID
X-Git-Tag: v1.6.0-rc0~233^2~15
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=8de433cb0820dc1f387a2d580d255744aacd60cc;p=thirdparty%2Fqemu.git

pc: Fix crash when attempting to hotplug CPU with negative ID

QMP command "{ 'execute': 'cpu-add', 'arguments': { 'id': -1 }}" may cause
QEMU SIGSEGV at:
 piix4_cpu_hotplug_req ()
    ...
    g->sts[cpu_id / 8] |= (1 << (cpu_id % 8));
    ...

Since for PC in current implementation id should be in range [0...maxcpus)
and maxcpus is already checked, add check for lower bound and error out
on incorrect value.

Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
---

diff --git a/hw/i386/pc.c b/hw/i386/pc.c
index 4844a6b3708..553becbd42f 100644
--- a/hw/i386/pc.c
+++ b/hw/i386/pc.c
@@ -927,6 +927,11 @@ void pc_hot_add_cpu(const int64_t id, Error **errp)
     DeviceState *icc_bridge;
     int64_t apic_id = x86_cpu_apic_id_from_index(id);
 
+    if (id < 0) {
+        error_setg(errp, "Invalid CPU id: %" PRIi64, id);
+        return;
+    }
+
     if (cpu_exists(apic_id)) {
         error_setg(errp, "Unable to add CPU: %" PRIi64
                    ", it already exists", id);