[Qemu-devel] [PULL 02/20] hw/sd: fix out-of-bounds check for multi block
From: Peter Maydell
Subject: [Qemu-devel] [PULL 02/20] hw/sd: fix out-of-bounds check for multi block reads
Date: Fri, 6 Oct 2017 16:59:27 +0100
From: Michael Olbrich <address@hidden>
The current code checks if the next block exceeds the size of the card.
This generates an error while reading the last block of the card.
Do the out-of-bounds check when starting to read a new block to fix this.
This issue became visible with increased error checking in Linux 4.13.
Cc: address@hidden
Signed-off-by: Michael Olbrich <address@hidden>
Reviewed-by: Alistair Francis <address@hidden>
Message-id: address@hidden
Signed-off-by: Peter Maydell <address@hidden>
---
hw/sd/sd.c | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/hw/sd/sd.c b/hw/sd/sd.c
index ba47bff..35347a5 100644
--- a/hw/sd/sd.c
+++ b/hw/sd/sd.c
@@ -1797,8 +1797,13 @@ uint8_t sd_read_data(SDState *sd)
break;
case 18: /* CMD18: READ_MULTIPLE_BLOCK */
- if (sd->data_offset == 0)
+ if (sd->data_offset == 0) {
+ if (sd->data_start + io_len > sd->size) {
+ sd->card_status |= ADDRESS_ERROR;
+ return 0x00;
+ }
BLK_READ_BLOCK(sd->data_start, io_len);
+ }
ret = sd->data[sd->data_offset ++];
if (sd->data_offset >= io_len) {
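Review bot: The new test `if (sd->data_start + io_len > sd->size)` in the CMD18 case adds before it compares, so it is only correct if that sum cannot wrap for the types of `data_start`, `io_len` and `size`, which are not visible in this hunk. If wrap is possible, the subtraction form `io_len > sd->size || sd->data_start > sd->size - io_len` rejects the same addresses without depending on it. Separately, the early `return 0x00` hands the guest a byte that looks like data and, as far as these lines show, leaves the transfer state unchanged, so every later call with `data_offset == 0` takes the same path; a short comment saying that the guest is expected to detect this through ADDRESS_ERROR in `card_status` would make that intent explicit.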
@@ -1812,11 +1817,6 @@ uint8_t sd_read_data(SDState *sd)
break;
}
}
-
- if (sd->data_start + io_len > sd->size) {
- sd->card_status |= ADDRESS_ERROR;
- break;
- }
}
break;
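Review bot: Dropping the post-block check at the end of the block-complete branch leaves nothing at this spot to say where the bounds of the next block are enforced. The reasoning in the commit message (the last block of the card must be readable, so the test belongs at the start of a block read rather than after the previous one) is not recorded in the code; a one-line comment here or at the new check under `if (sd->data_offset == 0)` would keep a later cleanup from moving the test back. The subject limits the change to multi block reads, so it is also worth confirming whether any other multi block path carries the same check-after-block pattern and the same last-block error.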
--
2.7.4