pci_irq_handler documents that it must be called with 0 <= irq_num <=
3 and level either 0 or 1. Add assertions that the caller has passed
us in valid arguments.
In particular, if a device model fails to set the PCI_INTERRUPT_PIN
field in its config space correctly to indicate that it has an
interrupt, and then tries to raise an interrupt (either by calling
pci_set_irq(), or by getting a qemu_irq from pci_allocate_irq() and
then calling qemu_set_irq() on that) we will now diagnose this device
model bug with an assertion rather than engaging in the undefined
behaviour of shifting by a negative number.
Signed-off-by: Peter Maydell <peter.mayd...@linaro.org>
---
hw/pci/pci.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/hw/pci/pci.c b/hw/pci/pci.c
index 0eadcdbc9ec..38aefe22ab3 100644
--- a/hw/pci/pci.c
+++ b/hw/pci/pci.c
@@ -1449,6 +1449,9 @@ static void pci_irq_handler(void *opaque, int irq_num,
int level)
PCIDevice *pci_dev = opaque;
int change;
+ assert(irq_num >= 0 && irq_num < PCI_NUM_PINS);
+ assert(level == 0 || level == 1);
+
change = level - pci_irq_state(pci_dev, irq_num);
if (!change)
return;
--
2.20.1
