[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [PATCH-for-5.2 v2] hw/intc: fix heap-buffer-overflow in rxicu_realiz
From: |
Philippe Mathieu-Daudé |
Subject: |
Re: [PATCH-for-5.2 v2] hw/intc: fix heap-buffer-overflow in rxicu_realize() |
Date: |
Fri, 20 Nov 2020 18:53:34 +0100 |
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.4.0 |
Hi Peter,
On 11/20/20 5:41 PM, Peter Maydell wrote:
> On Fri, 20 Nov 2020 at 13:44, Peter Maydell <peter.maydell@linaro.org> wrote:
>>
>> On Wed, 11 Nov 2020 at 14:18, Chen Qun <kuhn.chenqun@huawei.com> wrote:
>>>
>>> When 'j = icu->nr_sense – 1', the 'j < icu->nr_sense' condition is true,
>>> then 'j = icu->nr_sense', the'icu->init_sense[j]' has out-of-bounds access.
>
>>> Suggested-by: Peter Maydell <peter.maydell@linaro.org>
>>> Reported-by: Euler Robot <euler.robot@huawei.com>
>>> Signed-off-by: Chen Qun <kuhn.chenqun@huawei.com>
>>
>>
>> Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
>
> I'll take this via target-arm.next, I guess.
Sorry I missed this patch while preparing the latest Renesas
pull request. I filter for hw/rx/ and didn't notice this
(also I was not Cc'ed in v1).
BTW to make things clear, I'm not maintaining this subsystem,
I simply try to cover for Yoshinori who is not very active.
As there are no other patch, I appreciate you taking this via
your ARM queue.
Thanks,
Phil.