qemu-devel

Re: [PATCH-for-5.2 v2] hw/intc: fix heap-buffer-overflow in rxicu_realiz


From: Philippe Mathieu-Daudé
Subject: Re: [PATCH-for-5.2 v2] hw/intc: fix heap-buffer-overflow in rxicu_realize()
Date: Fri, 20 Nov 2020 18:53:34 +0100
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.4.0

Hi Peter,

On 11/20/20 5:41 PM, Peter Maydell wrote:
> On Fri, 20 Nov 2020 at 13:44, Peter Maydell <peter.maydell@linaro.org> wrote:
>>
>> On Wed, 11 Nov 2020 at 14:18, Chen Qun <kuhn.chenqun@huawei.com> wrote:
>>>
>>> When 'j = icu->nr_sense - 1', the 'j < icu->nr_sense' condition is true,
>>> then 'j = icu->nr_sense', the 'icu->init_sense[j]' has out-of-bounds access.
> 
>>> Suggested-by: Peter Maydell <peter.maydell@linaro.org>
>>> Reported-by: Euler Robot <euler.robot@huawei.com>
>>> Signed-off-by: Chen Qun <kuhn.chenqun@huawei.com>
>>
>>
>> Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
> 
> I'll take this via target-arm.next, I guess.

Sorry I missed this patch while preparing the latest Renesas
pull request. I filter for hw/rx/ and didn't notice this
(also I was not Cc'ed in v1).

BTW to make things clear, I'm not maintaining this subsystem,
I simply try to cover for Yoshinori who is not very active.

As there are no other patches, I appreciate you taking this via
your ARM queue.

Thanks,

Phil.


