From 632097778865e892daab593d6044ff3823fbb4c7 Mon Sep 17 00:00:00 2001
From: Jiaqing Zhao <jiaqing.zhao@linux.intel.com>
Date: Fri, 21 Apr 2023 11:07:54 +0000
Subject: [PATCH] dm: gvt: add bound check in gvt_init_config()

gvt_init_config() may perform out-of-range read on host_config, add
bound check before accessing it.

Tracked-On: #8382
Signed-off-by: Jiaqing Zhao <jiaqing.zhao@linux.intel.com>
Reviewed-by: Jian Jun Chen <jian.jun.chen@intel.com>
---
 devicemodel/hw/pci/gvt.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/devicemodel/hw/pci/gvt.c b/devicemodel/hw/pci/gvt.c
index 967a5f7453..cea1f5863f 100644
--- a/devicemodel/hw/pci/gvt.c
+++ b/devicemodel/hw/pci/gvt.c
@@ -256,7 +256,7 @@ gvt_init_config(struct pci_gvt *gvt)
 	/* capability */
 	pci_set_cfgdata8(gvt->gvt_pi, PCIR_CAP_PTR, gvt->host_config[0x34]);
 	cap_ptr = gvt->host_config[0x34];
-	while (cap_ptr != 0) {
+	while (cap_ptr != 0 && cap_ptr <= PCI_REGMAX - 15) {
 		pci_set_cfgdata32(gvt->gvt_pi, cap_ptr,
 			gvt->host_config[cap_ptr]);
 		pci_set_cfgdata32(gvt->gvt_pi, cap_ptr + 4,