ide: atapi: assert that the buffer pointer is in range - bwlp/qemu.git - Experimental fork of QEMU with video encoding patches

diff options

author	Paolo Bonzini	2020-12-01 13:09:26 +0100
committer	Peter Maydell	2020-12-01 16:23:05 +0100
commit	813212288970c39b1800f63e83ac6e96588095c6 (patch)
tree	401c2c4cdb589d8e17130f80296b5f5f58efa143 /VERSION
parent	hw/net/dp8393x: fix integer underflow in dp8393x_do_transmit_packets() (diff)
download	qemu-813212288970c39b1800f63e83ac6e96588095c6.tar.gz qemu-813212288970c39b1800f63e83ac6e96588095c6.tar.xz qemu-813212288970c39b1800f63e83ac6e96588095c6.zip

ide: atapi: assert that the buffer pointer is in range

A case was reported where s->io_buffer_index can be out of range. The report skimped on the details but it seems to be triggered by s->lba == -1 on the READ/READ CD paths (e.g. by sending an ATAPI command with LBA = 0xFFFFFFFF). For now paper over it with assertions. The first one ensures that there is no overflow when incrementing s->io_buffer_index, the second checks for the buffer overrun. Note that the buffer overrun is only a read, so I am not sure if the assertion failure is actually less harmful than the overrun. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Message-id: 20201201120926.56559-1-pbonzini@redhat.com Reviewed-by: Kevin Wolf <kwolf@redhat.com> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

Diffstat (limited to 'VERSION')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: