hw/block/nvme: fix ns attachment out-of-bounds read - bwlp/qemu.git - Experimental fork of QEMU with video encoding patches

diff options

author	Klaus Jensen	2021-04-07 06:54:34 +0200
committer	Klaus Jensen	2021-04-07 10:48:32 +0200
commit	8eb5c8069a5ccb8dadf35765b6f9cca10fb98b84 (patch)
tree	b4dad370abf0c6231bfbffa480c00364cef2b2ac /hw/net/tulip.h
parent	hw/block/nvme: add missing copyright headers (diff)
download	qemu-8eb5c8069a5ccb8dadf35765b6f9cca10fb98b84.tar.gz qemu-8eb5c8069a5ccb8dadf35765b6f9cca10fb98b84.tar.xz qemu-8eb5c8069a5ccb8dadf35765b6f9cca10fb98b84.zip

hw/block/nvme: fix ns attachment out-of-bounds read

nvme_ns_attachment() does not verify the contents of the host-supplied 16 bit "Number of Identifiers" field in the command payload. Make sure the value is capped at 2047 and fix the out-of-bounds read. Fixes: 645ce1a70cb6 ("hw/block/nvme: support namespace attachment command") Cc: Minwoo Im <minwoo.im.dev@gmail.com> Signed-off-by: Klaus Jensen <k.jensen@samsung.com> Reviewed-by: Minwoo Im <minwoo.im.dev@gmail.com>

Diffstat (limited to 'hw/net/tulip.h')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: