From bd042352cd9a5915697978bf71fa68feb7b46df2 Mon Sep 17 00:00:00 2001
From: Yonghua Huang <yonghua.huang@intel.com>
Date: Fri, 19 Oct 2018 16:31:46 +0800
Subject: [PATCH] hv: fix potential buffer overflow in vpic_set_pinstate()

Input 'pin' should be less than 'NR_VPIC_PINS_TOTAL'

Tracked-On: #1479
Signed-off-by: Yonghua Huang <yonghua.huang@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
---
 hypervisor/dm/vpic.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/hypervisor/dm/vpic.c b/hypervisor/dm/vpic.c
index ccc68c8c2..6be476674 100644
--- a/hypervisor/dm/vpic.c
+++ b/hypervisor/dm/vpic.c
@@ -405,6 +405,10 @@ static void vpic_set_pinstate(struct acrn_vpic *vpic, uint8_t pin,
 	uint8_t old_lvl;
 	bool lvl_trigger;
 
+	if (pin >= NR_VPIC_PINS_TOTAL) {
+		return;
+	}
+
 	i8259 = &vpic->i8259[pin >> 3U];
 	old_lvl = i8259->pin_state[pin & 0x7U];
 	if (level) {