|
| From: | Paolo Bonzini |
| Subject: | Re: [PATCH v2] ide: atapi: check logical block address and read size (CVE-2020-29443) |
| Date: | Mon, 18 Jan 2021 12:57:04 +0100 |
| User-agent: | Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.6.0 |
On 18/01/21 12:44, P J P wrote:
To confirm:
* (uint64_t)INT_MAX << 2 is => 8589934588 ~= 8.5G sectors ?
Media size would be:
8.5G * 512B(sector) => ~4TB
8.5G * 4096B(sector) => ~32TB
* We are limiting IDE media size to ~4TB/~32TB ?
s->nb_sectors is in units of 512B, so the limit would be 4TB. The purpose is to limit the lba and nb_sectors arguments (which are in 2048B units) of ide_atapi_cmd_read_{dma,pio} to INT_MAX.
Paolo
| [Prev in Thread] | Current Thread | [Next in Thread] |