[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Qemu-devel] [PATCH] lsi53c895a: check script ram address value
|
From: |
P J P |
|
Subject: |
[Qemu-devel] [PATCH] lsi53c895a: check script ram address value |
|
Date: |
Tue, 6 Nov 2018 17:23:51 +0530 |
From: Prasad J Pandit <address@hidden>
While accessing script ram[2048] via 'lsi_ram_read/write' routines,
'addr' could exceed the ram range. Mask high order bits to avoid
OOB access.
Reported-by: Mark Kanda <address@hidden>
Signed-off-by: Prasad J Pandit <address@hidden>
---
hw/scsi/lsi53c895a.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/hw/scsi/lsi53c895a.c b/hw/scsi/lsi53c895a.c
index 3f207f607c..0800df416e 100644
--- a/hw/scsi/lsi53c895a.c
+++ b/hw/scsi/lsi53c895a.c
@@ -2035,6 +2035,7 @@ static void lsi_ram_write(void *opaque, hwaddr addr,
uint32_t mask;
int shift;
+ addr &= 0x01FFF;
newval = s->script_ram[addr >> 2];
shift = (addr & 3) * 8;
mask = ((uint64_t)1 << (size * 8)) - 1;
@@ -2050,6 +2051,7 @@ static uint64_t lsi_ram_read(void *opaque, hwaddr addr,
uint32_t val;
uint32_t mask;
+ addr &= 0x01FFF;
val = s->script_ram[addr >> 2];
mask = ((uint64_t)1 << (size * 8)) - 1;
val >>= (addr & 3) * 8;
--
2.17.2
- [Qemu-devel] [PATCH] lsi53c895a: check script ram address value,
P J P <=