[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[PULL 16/44] hw/core/sysbus: Assert memory region index is in range
|
From: |
Laurent Vivier |
|
Subject: |
[PULL 16/44] hw/core/sysbus: Assert memory region index is in range |
|
Date: |
Tue, 1 Sep 2020 16:09:26 +0200 |
From: Philippe Mathieu-Daudé <f4bug@amsat.org>
Devices incorrectly modelled might use invalid index while
calling sysbus_mmio_get_region(), leading to OOB access.
Help developers by asserting the index is in range.
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20200806130945.21629-3-f4bug@amsat.org>
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
---
hw/core/sysbus.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/hw/core/sysbus.c b/hw/core/sysbus.c
index 77ab351ce1a8..294f90b7deef 100644
--- a/hw/core/sysbus.c
+++ b/hw/core/sysbus.c
@@ -199,6 +199,7 @@ void sysbus_init_mmio(SysBusDevice *dev, MemoryRegion
*memory)
MemoryRegion *sysbus_mmio_get_region(SysBusDevice *dev, int n)
{
+ assert(n >= 0 && n < QDEV_MAX_MMIO);
return dev->mmio[n].memory;
}
--
2.26.2
- [PULL 01/44] hw/register: Document register_init_block @memory_size, (continued)
- [PULL 01/44] hw/register: Document register_init_block @memory_size, Laurent Vivier, 2020/09/01
- Re: [PULL 00/44] Trivial branch for 5.2 patches, Laurent Vivier, 2020/09/01
- [PULL 00/44] Trivial branch for 5.2 patches, Laurent Vivier, 2020/09/01
- [PULL 01/44] hw/register: Document register_init_block @memory_size, Laurent Vivier, 2020/09/01
- [PULL 03/44] target/ppc: Remove superfluous breaks, Laurent Vivier, 2020/09/01
- [PULL 10/44] hw/net/can: Add missing fallthrough statements, Laurent Vivier, 2020/09/01
- [PULL 04/44] scsi: Remove superfluous breaks, Laurent Vivier, 2020/09/01
- [PULL 13/44] stubs/cmos: Use correct include, Laurent Vivier, 2020/09/01
- [PULL 12/44] hw/isa/isa-superio: Fix IDE controller realization, Laurent Vivier, 2020/09/01
- [PULL 16/44] hw/core/sysbus: Assert memory region index is in range,
Laurent Vivier <=
- [PULL 08/44] target/sh4: Remove superfluous breaks, Laurent Vivier, 2020/09/01
- [PULL 18/44] docs: Fix broken links, Laurent Vivier, 2020/09/01
- [PULL 19/44] .mailmap: Update Paul Burton email address, Laurent Vivier, 2020/09/01
- [PULL 02/44] target/arm/kvm: Remove superfluous break, Laurent Vivier, 2020/09/01
- [PULL 14/44] qemu-options.hx: Fix typo for netdev documentation, Laurent Vivier, 2020/09/01
- [PULL 15/44] hw/core/sysbus: Fix a typo, Laurent Vivier, 2020/09/01
- [PULL 11/44] hw/i386/kvm/ioapic.c: fix typo in error message, Laurent Vivier, 2020/09/01
- [PULL 17/44] Revert "mailmap: Update philmd email address", Laurent Vivier, 2020/09/01
- [PULL 20/44] hw/i2c: Fix typo in description, Laurent Vivier, 2020/09/01
- [PULL 23/44] mailmap: Add entry for Greg Kurz, Laurent Vivier, 2020/09/01