When too many consoles are created, vcs[] may be write out-of-bounds.
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-id:
20161207105511.25173-1-marcandre.lureau@redhat.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
ChardevCommon *common = qapi_ChardevVC_base(vc);
CharDriverState *chr;
+ if (nb_vcs == MAX_VCS) {
+ error_setg(errp, "Maximum number of consoles reached");
+ return NULL;
+ }
+
chr = qemu_chr_alloc(common, errp);
if (!chr) {
return NULL;