From patchwork Thu Dec 8 06:36:15 2011
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Subject: Fix parse of usb device description with multiple configurations
Date: Wed, 07 Dec 2011 20:36:15 -0000
From: Mars.cao
X-Patchwork-Id: 130100
Message-Id: <1323326175-25184-1-git-send-email-mars@linux.vnet.ibm.com>
To: qemu-devel@nongnu.org
Cc: "Cao,Bing Bu" , kraxel@redhat.com

When testing ipod on QEMU by He Jie Xu, qemu made an assertion.
We found that the ipod has 2 configurations, and the usb-linux did not parse the descriptor correctly.
The descr_len returned is the total length of all the configurations, not one configuration.
The older version will go through the other configurations instead of skipping them, continue parsing the descriptor of interfaces/endpoints in other configurations, and then go wrong.

This patch will put the configuration descriptor parse in the outer loop and dispel the other configurations not requested.

Signed-off-by: Cao,Bing Bu

--- usb-linux.c | 20 ++++++++++++-------- 1 files changed, 12 insertions(+), 8 deletions(-) diff --git a/usb-linux.c b/usb-linux.c index ab4c693..a53b558 100644 --- a/usb-linux.c +++ b/usb-linux.c @@ -1141,15 +1141,19 @@ static int usb_linux_update_endp_table(USBHostDevice *s) length = s->descr_len - 18; i = 0; - if (descriptors[i + 1] != USB_DT_CONFIG || - descriptors[i + 5] != s->configuration) { - fprintf(stderr, "invalid descriptor data - configuration %d\n", - s->configuration); - return 1; - } - i += descriptors[i]; - while (i < length) { + if (descriptors[i + 1] != USB_DT_CONFIG) { + fprintf(stderr, "invalid descriptor data\n"); + return 1; + } else if (descriptors[i + 5] != s->configuration) { + fprintf(stderr, "not requested configuration %d\n", + s->configuration); + i += (descriptors[i + 3] << 8) + descriptors[i + 2]; + continue; + } + + i += descriptors[i]; + if (descriptors[i + 1] != USB_DT_INTERFACE || (descriptors[i + 1] == USB_DT_INTERFACE && descriptors[i + 4] == 0)) {
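
Review bot: In the new `else if` branch, the skip distance `(descriptors[i + 3] << 8) + descriptors[i + 2]` is the wTotalLength field taken straight from the device's descriptor and is added to `i` without any validation. If a device reports 0 there, `i` does not advance and the `continue` spins the `while (i < length)` loop forever, printing "not requested configuration" each time. Please reject a total length that is smaller than the configuration descriptor's own `descriptors[i]` length, or that would move `i` past `length`, and return an error in that case. Second, the `USB_DT_CONFIG` check now sits at the top of the loop, so it runs on every pass: unless the rest of the loop body (not shown in this hunk) consumes a whole configuration per iteration, the second pass will start on an interface or endpoint descriptor and take the "invalid descriptor data" return. Skipping unwanted configurations in a separate step before the interface loop, or only re-checking when `descriptors[i + 1] == USB_DT_CONFIG`, would avoid that. A device with several configurations is also a normal case, so the `fprintf(stderr, ...)` on the skip path is probably better as a debug print.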