qemu-commits
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Qemu-commits] [qemu/qemu] f2c8ae: hw/ufs: Fix buffer overflow bug

From: Richard Henderson
Subject: [Qemu-commits] [qemu/qemu] f2c8ae: hw/ufs: Fix buffer overflow bug
Date: Tue, 30 Apr 2024 16:03:46 -0700 
  Branch: refs/heads/staging
  Home:   https://github.com/qemu/qemu
  Commit: f2c8aeb1afefcda92054c448b21fc59cdd99db30
      
https://github.com/qemu/qemu/commit/f2c8aeb1afefcda92054c448b21fc59cdd99db30
  Author: Jeuk Kim <jeuk20.kim@samsung.com>
  Date:   2024-04-29 (Mon, 29 Apr 2024)

  Changed paths:
    M hw/ufs/ufs.c

  Log Message:
  -----------
  hw/ufs: Fix buffer overflow bug

It fixes the buffer overflow vulnerability in the ufs device.
The bug was detected by sanitizers.

You can reproduce it by:

cat << EOF |\
qemu-system-x86_64 \
-display none -machine accel=qtest -m 512M -M q35 -nodefaults -drive \
file=null-co://,if=none,id=disk0 -device ufs,id=ufs_bus -device \
ufs-lu,drive=disk0,bus=ufs_bus -qtest stdio
outl 0xcf8 0x80000810
outl 0xcfc 0xe0000000
outl 0xcf8 0x80000804
outw 0xcfc 0x06
write 0xe0000058 0x1 0xa7
write 0xa 0x1 0x50
EOF

Resolves: #2299
Fixes: 329f16624499 ("hw/ufs: Support for Query Transfer Requests")
Reported-by: Zheyu Ma <zheyuma97@gmail.com>
Signed-off-by: Jeuk Kim <jeuk20.kim@samsung.com>


  Commit: e79b15350ef613efdfa5067d07534c6a82a78a06
      
https://github.com/qemu/qemu/commit/e79b15350ef613efdfa5067d07534c6a82a78a06
  Author: Richard Henderson <richard.henderson@linaro.org>
  Date:   2024-04-30 (Tue, 30 Apr 2024)

  Changed paths:
    M hw/ufs/ufs.c

  Log Message:
  -----------
  Merge tag 'pull-ufs-20240429' of https://gitlab.com/jeuk20.kim/qemu into 
staging

ufs queue

# -----BEGIN PGP SIGNATURE-----
#
# iQIzBAABCgAdFiEEUBfYMVl8eKPZB+73EuIgTA5dtgIFAmYvEScACgkQEuIgTA5d
# tgL3Qg//R3IcISQqqDaJ/ySzKGmkyohJSc6ySLYvla4Aki7PV+um2Dx/XNS7uG2b
# d3Qz4m6QaOKsocLfldRTn2FxVK238Rp5HNny5vc0kGRdwpR514B7aU0FhpT7qObS
# wbbgRdDddIBIiCFLhtXtg5/TK2h32VxGrVI6llX4gmd2VzqM0e4xeG1Oj8rZseOY
# SAgvDv68s1YwlO1p1vPvst/H+mUKYkqtPN1mjfCIn5tM6ss8kCLUnKjqGAg1BnSN
# xwaGrqqOlzQK2+aV02eiItiow8evU/h+c9eiTnBo/EvBwjoBn6flNXABWXFENnmP
# JjVIFeiNzSFhBPDzO23GXviuEt96j5lrcGYR48HYMZfEbJNpblXzWvEGMZWnXNgx
# Q3cpcarZ4vSWIflR9OnCSQaGLA0Ny6YqLbmrM/oD+v67EITafKKc+flmiF7DBASB
# fUoEsdffdA37LDtygJb7hfUhvPQWWAujmGzZ1cDP8Oa0MhT7aiD0Z/WqhhjVQbM0
# iLiCDDD0cc0pmT3vw3EnEjKjnSkY3H62Q7pnYHiQgij4Ls/Rdd/P7OkSd0aI82t0
# TooWGZJnyf8rjAzY2cEB1Twrhmhuyt9NnGxip9W8JsQBZMLabD2CahOm83zsk7jZ
# 3fOONz6XrW2ttFkLZcRd4x4YjKONjEXsSX2ZrXTZ5t3USz/VNvY=
# =Vwyi
# -----END PGP SIGNATURE-----
# gpg: Signature made Sun 28 Apr 2024 08:16:55 PM PDT
# gpg:                using RSA key 5017D831597C78A3D907EEF712E2204C0E5DB602
# gpg: Good signature from "Jeuk Kim <jeuk20.kim@samsung.com>" [unknown]
# gpg:                 aka "Jeuk Kim <jeuk20.kim@gmail.com>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg:          There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 5017 D831 597C 78A3 D907  EEF7 12E2 204C 0E5D B602

* tag 'pull-ufs-20240429' of https://gitlab.com/jeuk20.kim/qemu:
  hw/ufs: Fix buffer overflow bug

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>


Compare: https://github.com/qemu/qemu/compare/9c6c079bc672...e79b15350ef6

To unsubscribe from these emails, change your notification settings at 
https://github.com/qemu/qemu/settings/notifications
reply via email to
[Prev in Thread] Current Thread [Next in Thread]