qemu-devel

[Bug 1882065] Re: Could this cause OOB bug ?


From: r1ng0hacking
Subject: [Bug 1882065] Re: Could this cause OOB bug ?
Date: Wed, 10 Jun 2020 07:27:29 -0000

** Description changed:

- In function megasas_handle_scsi(hw/scsi/megasas.c):
- 
- ```c
- static int megasas_handle_scsi(MegasasState *s, MegasasCmd *cmd,
-                                int frame_cmd)
- {
-     
............................................................................
-     cdb = cmd->frame->pass.cdb;
-     target_id = cmd->frame->header.target_id;
-     lun_id = cmd->frame->header.lun_id;
-     cdb_len = cmd->frame->header.cdb_len;
-     
............................................................................
-     if (cdb_len > 16) {
-         trace_megasas_scsi_invalid_cdb_len(
-                 mfi_frame_desc[frame_cmd], is_logical,
-                 target_id, lun_id, cdb_len);
-         megasas_write_sense(cmd, SENSE_CODE(INVALID_OPCODE));
-         cmd->frame->header.scsi_status = CHECK_CONDITION;
-         s->event_count++;
-         return MFI_STAT_SCSI_DONE_WITH_ERROR;
-     }
- }
- ```
- 
- Two variables, frame_cmd and cdb_len, can be controlled by the guest OS. So
- can mfi_frame_desc[frame_cmd] cause an OOB bug?
+ close!!!!!

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1882065

Title:
  Could this cause OOB bug ?

Status in QEMU:
  New

Bug description:
  close!!!!!

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1882065/+subscriptions
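The question in the original description is whether a guest-controlled command code used as an index into a descriptor table can read past the end of that table. The following is an added illustration of the defensive pattern a reviewer would look for, written for this page; it is not QEMU code and not the reporter's code. The table `frame_desc`, the `struct frame_header` layout, the status codes and the function names are all hypothetical stand-ins chosen for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical descriptor table (constructed for this example). It stands in
 * for any table that is indexed by a command code taken from guest memory. */
static const char *const frame_desc[] = {
    "init", "ld read", "ld write", "ld scsi io",
    "pd scsi io", "dcmd", "abort", "smp", "stp",
};
#define FRAME_DESC_COUNT (sizeof(frame_desc) / sizeof(frame_desc[0]))

/* Hypothetical header fields, mirroring the ones the description reads:
 * every field comes from the guest and must be treated as untrusted. */
struct frame_header {
    uint8_t frame_cmd;   /* 0..255, but the table has far fewer entries */
    uint8_t cdb_len;
    uint8_t target_id;
    uint8_t lun_id;
};

enum {
    FRAME_OK = 0,
    FRAME_BAD_CMD = 1,     /* index would fall outside frame_desc */
    FRAME_BAD_CDB_LEN = 2, /* CDB longer than the 16 bytes the excerpt allows */
};

/* Returns 1 when frame_cmd is a valid index into frame_desc, else 0. */
int frame_cmd_valid(uint32_t frame_cmd)
{
    return frame_cmd < FRAME_DESC_COUNT;
}

/* Bounds-checked lookup: an out-of-range code yields a fixed fallback string
 * instead of reading memory beyond the array. Safe to use in trace output. */
const char *frame_desc_lookup(uint32_t frame_cmd)
{
    if (!frame_cmd_valid(frame_cmd)) {
        return "unknown";
    }
    return frame_desc[frame_cmd];
}

/* Validate the guest-supplied header before any field is used as an index
 * or a length. The command code is checked first, so that the error path
 * (which, as in the excerpt, wants to name the command) never indexes the
 * table with an unchecked value. */
int validate_frame(const struct frame_header *h)
{
    if (!frame_cmd_valid(h->frame_cmd)) {
        fprintf(stderr, "rejecting frame: cmd %u out of range\n", h->frame_cmd);
        return FRAME_BAD_CMD;
    }
    if (h->cdb_len > 16) {
        fprintf(stderr, "rejecting %s: cdb_len %u > 16 (target %u lun %u)\n",
                frame_desc_lookup(h->frame_cmd), h->cdb_len,
                h->target_id, h->lun_id);
        return FRAME_BAD_CDB_LEN;
    }
    return FRAME_OK;
}

int main(void)
{
    /* Constructed sample frames: one well-formed, one with an oversized CDB,
     * one whose command code exceeds the table size. */
    struct frame_header good = { 3, 10, 0, 0 };
    struct frame_header long_cdb = { 4, 32, 1, 0 };
    struct frame_header bad_cmd = { 200, 6, 0, 0 };

    printf("good:     %d (%s)\n", validate_frame(&good), frame_desc_lookup(good.frame_cmd));
    printf("long cdb: %d\n", validate_frame(&long_cdb));
    printf("bad cmd:  %d (%s)\n", validate_frame(&bad_cmd), frame_desc_lookup(bad_cmd.frame_cmd));
    return 0;
}
```

The point of the ordering in `validate_frame` is that diagnostics on the error path are a common place for an unchecked index to slip in: if the length check fires first and its trace message indexes the table with the raw command code, the check that was meant to protect the device instead performs the out-of-bounds read.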
