[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Bug 1882065] Re: Could this cause OOB bug ?
From: |
r1ng0hacking |
Subject: |
[Bug 1882065] Re: Could this cause OOB bug ? |
Date: |
Wed, 10 Jun 2020 07:27:29 -0000 |
** Description changed:
- In function megasas_handle_scsi(hw/scsi/megasas.c):
-
- ```c
- static int megasas_handle_scsi(MegasasState *s, MegasasCmd *cmd,
- int frame_cmd)
- {
-
............................................................................
- cdb = cmd->frame->pass.cdb;
- target_id = cmd->frame->header.target_id;
- lun_id = cmd->frame->header.lun_id;
- cdb_len = cmd->frame->header.cdb_len;
-
............................................................................
- if (cdb_len > 16) {
- trace_megasas_scsi_invalid_cdb_len(
- mfi_frame_desc[frame_cmd], is_logical,
- target_id, lun_id, cdb_len);
- megasas_write_sense(cmd, SENSE_CODE(INVALID_OPCODE));
- cmd->frame->header.scsi_status = CHECK_CONDITION;
- s->event_count++;
- return MFI_STAT_SCSI_DONE_WITH_ERROR;
- }
- }
- ```
-
- Two variables, frame_cmd and cdb_len, can be controlled by guest os. So
- can mfi_frame_desc[frame_cmd] cause OOB bug ?
+ close!!!!!
--
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1882065
Title:
Could this cause OOB bug ?
Status in QEMU:
New
Bug description:
close!!!!!
To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1882065/+subscriptions