hw/isa: specify instance_size in isa_superio_type_info

Right now all subclasses of TYPE_ISA_SUPERIO have to specify an instance_size, because the ISASuperIODevice struct adds fields to ISADevice but the type does not include the increased instance size. Failure to do so results in an access past the bounds of struct ISADevice as soon as isa_superio_realize is called. Fix this by specifying the instance_size already in the superclass. Fixes: 4c3119a ("hw/isa/superio: Factor out the parallel code from pc87312.c") Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Bernhard Beschow <shentey@gmail.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Message-ID: <20240213155005.109954-6-pbonzini@redhat.com> Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
qemu · Feb 15, 2024 · 413d0cc · 413d0cc
1 parent cf5f5f9
commit 413d0cc
Show file tree

Hide file tree

Showing 2 changed files with 1 addition and 2 deletions.
diff --git a/hw/isa/isa-superio.c b/hw/isa/isa-superio.c
@@ -185,6 +185,7 @@ static const TypeInfo isa_superio_type_info = {
     .abstract = true,
     .class_size = sizeof(ISASuperIOClass),
     .class_init = isa_superio_class_init,
+    .instance_size = sizeof(ISASuperIODevice),
 };
 
 /* SMS FDC37M817 Super I/O */
@@ -201,7 +202,6 @@ static void fdc37m81x_class_init(ObjectClass *klass, void *data)
 static const TypeInfo fdc37m81x_type_info = {
     .name          = TYPE_FDC37M81X_SUPERIO,
     .parent        = TYPE_ISA_SUPERIO,
-    .instance_size = sizeof(ISASuperIODevice),
     .class_init    = fdc37m81x_class_init,
 };
 

diff --git a/hw/isa/smc37c669-superio.c b/hw/isa/smc37c669-superio.c
@@ -103,7 +103,6 @@ static void smc37c669_class_init(ObjectClass *klass, void *data)
 static const TypeInfo smc37c669_type_info = {
     .name          = TYPE_SMC37C669_SUPERIO,
     .parent        = TYPE_ISA_SUPERIO,
-    .instance_size = sizeof(ISASuperIODevice),
     .class_size    = sizeof(ISASuperIOClass),
     .class_init    = smc37c669_class_init,
 };