[Qemu-devel] [PATCH 3/3] ppc/pnv: check size before data buffer access
From: P J P
Subject: [Qemu-devel] [PATCH 3/3] ppc/pnv: check size before data buffer access
Date: Mon, 22 Oct 2018 17:49:07 +0530
From: Prasad J Pandit <address@hidden>
While performing PowerNV memory r/w operations, the access length
'sz' could exceed the data[4] buffer size. Add check to avoid OOB
access.
Reported-by: Moguofang <address@hidden>
Signed-off-by: Prasad J Pandit <address@hidden>
---
hw/ppc/pnv_lpc.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/hw/ppc/pnv_lpc.c b/hw/ppc/pnv_lpc.c
index d7721320a2..f5e5bd4053 100644
--- a/hw/ppc/pnv_lpc.c
+++ b/hw/ppc/pnv_lpc.c
@@ -158,6 +158,10 @@ static void pnv_lpc_do_eccb(PnvLpcController *lpc,
uint64_t cmd)
uint8_t data[4];
bool success;
+ if (sz > sizeof(data)) {
+ return;
+ }
+
if (cmd & ECCB_CTL_READ) {
success = opb_read(lpc, opb_addr, data, sz);
if (success) {
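Review bot: The new `if (sz > sizeof(data))` check at the top of pnv_lpc_do_eccb() returns silently, so an oversized access length is dropped without any trace. As far as these lines show, the guest also gets no failure indication comparable to the `success` handling after opb_read(). Consider logging the rejected size before returning, for example with qemu_log_mask(LOG_GUEST_ERROR, ...), and routing the rejection through the same handling used when `success` is false. The declaration of `sz` is outside the hunk, so a one-line comment stating its expected range next to the check would help readers confirm the bound against `data[4]`.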
--
2.17.2