[Qemu-devel] Re: [RFT][PATCH 01/15] hpet: Catch out-of-bounds timer acce

qemu-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Qemu-devel] Re: [RFT][PATCH 01/15] hpet: Catch out-of-bounds timer acce

From:	Jan Kiszka
Subject:	[Qemu-devel] Re: [RFT][PATCH 01/15] hpet: Catch out-of-bounds timer access
Date:	Mon, 24 May 2010 22:36:30 +0200
User-agent:	Mozilla/5.0 (X11; U; Linux i686 (x86_64); de; rv:1.8.1.12) Gecko/20080226 SUSE/2.0.0.12-1.1 Thunderbird/2.0.0.12 Mnenhy/0.7.5.666

Juan Quintela wrote:
> Jan Kiszka <address@hidden> wrote:
>> From: Jan Kiszka <address@hidden>
>>
>> Also prevent out-of-bounds write access to the timers but don't spam the
>> host console if it triggers.
>>
>> Signed-off-by: Jan Kiszka <address@hidden>
>> ---
>>  hw/hpet.c |    6 +++++-
>>  1 files changed, 5 insertions(+), 1 deletions(-)
>>
>> diff --git a/hw/hpet.c b/hw/hpet.c
>> index 8729fb2..1980906 100644
>> --- a/hw/hpet.c
>> +++ b/hw/hpet.c
>> @@ -294,7 +294,7 @@ static uint32_t hpet_ram_readl(void *opaque, 
>> target_phys_addr_t addr)
>>      if (index >= 0x100 && index <= 0x3ff) {
>>          uint8_t timer_id = (addr - 0x100) / 0x20;
>>          if (timer_id > HPET_NUM_TIMERS - 1) {
>> -            printf("qemu: timer id out of range\n");
>> +            DPRINTF("qemu: timer id out of range\n");
>>              return 0;
>>          }
>>          HPETTimer *timer = &s->timer[timer_id];
>> @@ -383,6 +383,10 @@ static void hpet_ram_writel(void *opaque, 
>> target_phys_addr_t addr,
>>          DPRINTF("qemu: hpet_ram_writel timer_id = %#x \n", timer_id);
> 
> if you are going to check timer_id, check it before accessing the array?

That's just address arithmetic, nothing is dereferenced at this point.

Jan

signature.asc
Description: OpenPGP digital signature

[Prev in Thread]

Current Thread

[Next in Thread]

[Qemu-devel] [RFT][PATCH 00/15] HPET cleanups, fixes, enhancements, Jan Kiszka, 2010/05/24
- [Qemu-devel] [RFT][PATCH 01/15] hpet: Catch out-of-bounds timer access, Jan Kiszka, 2010/05/24
  - [Qemu-devel] Re: [RFT][PATCH 01/15] hpet: Catch out-of-bounds timer access, Juan Quintela, 2010/05/24
    - [Qemu-devel] Re: [RFT][PATCH 01/15] hpet: Catch out-of-bounds timer access, Jan Kiszka <=
    - [Qemu-devel] Re: [RFT][PATCH 01/15] hpet: Catch out-of-bounds timer access, Juan Quintela, 2010/05/24
- [Qemu-devel] [RFT][PATCH 04/15] hpet: Move static timer field initialization, Jan Kiszka, 2010/05/24
- [Qemu-devel] [RFT][PATCH 06/15] hpet: Start/stop timer when HPET_TN_ENABLE is modified, Jan Kiszka, 2010/05/24
- [Qemu-devel] [RFT][PATCH 03/15] hpet: Silence warning on write to running main counter, Jan Kiszka, 2010/05/24
- [Qemu-devel] [RFT][PATCH 05/15] hpet: Convert to qdev, Jan Kiszka, 2010/05/24
  - Re: [Qemu-devel] [RFT][PATCH 05/15] hpet: Convert to qdev, Paul Brook, 2010/05/25
    - Re: [Qemu-devel] [RFT][PATCH 05/15] hpet: Convert to qdev, Jan Kiszka, 2010/05/25
- [Qemu-devel] [RFT][PATCH 13/15] hpet: Make number of timers configurable, Jan Kiszka, 2010/05/24
- [Qemu-devel] [RFT][PATCH 10/15] hpet: Drop static state, Jan Kiszka, 2010/05/24
- [Qemu-devel] [RFT][PATCH 09/15] hpet/rtc: Rework RTC IRQ replacement by HPET, Jan Kiszka, 2010/05/24

Prev by Date: [Qemu-devel] [Bug 583462] Re: qemu disables screensaver
Next by Date: [Qemu-devel] Re: [RFT][PATCH 02/15] hpet: Coding style cleanups and some refactorings
Previous by thread: [Qemu-devel] Re: [RFT][PATCH 01/15] hpet: Catch out-of-bounds timer access
Next by thread: [Qemu-devel] Re: [RFT][PATCH 01/15] hpet: Catch out-of-bounds timer access
Index(es):
- Date
- Thread