[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [PATCH-for-6.1 0/3] hw/sd/sdcard: Fix assertion accessing out-of-ran
From: |
Philippe Mathieu-Daudé |
Subject: |
Re: [PATCH-for-6.1 0/3] hw/sd/sdcard: Fix assertion accessing out-of-range addresses with CMD30 |
Date: |
Mon, 2 Aug 2021 20:50:12 +0200 |
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.11.0 |
On 8/2/21 2:10 PM, Peter Maydell wrote:
> On Wed, 28 Jul 2021 at 19:17, Philippe Mathieu-Daudé <f4bug@amsat.org> wrote:
>>
>> Fix an assertion reported by OSS-Fuzz, add corresponding qtest.
>>
>> The change simple enough for the next rc.
>>
>> Philippe Mathieu-Daudé (3):
>> hw/sd/sdcard: Document out-of-range addresses for SEND_WRITE_PROT
>> hw/sd/sdcard: Fix assertion accessing out-of-range addresses with
>> CMD30
>> hw/sd/sdcard: Rename Write Protect Group variables
>
> I've left review comments on individual patches, but my suspicion
> is that the fix for this assertion failure is just "the
> assert should be after the test for 'addr < sd->size', not before",
> something like:
>
> @@ -821,8 +821,12 @@ static uint32_t sd_wpbits(SDState *sd, uint64_t addr)
> wpnum = sd_addr_to_wpnum(addr);
>
> for (i = 0; i < 32; i++, wpnum++, addr += WPGROUP_SIZE) {
> + if (addr >= sd->size) {
> + /* Out of range groups report as zero */
> + continue;
> + }
> assert(wpnum < sd->wpgrps_size);
> - if (addr < sd->size && test_bit(wpnum, sd->wp_groups)) {
> + if (test_bit(wpnum, sd->wp_groups)) {
> ret |= (1 << i);
> }
> }
It is simpler and works :) Thanks!