qemu-devel
Re: [Qemu-devel] [PATCH v1] arm: check bit index before usage


From: Peter Maydell
Subject: Re: [Qemu-devel] [PATCH v1] arm: check bit index before usage
Date: Thu, 25 Oct 2018 15:32:45 +0100

On 22 October 2018 at 19:10, P J P <address@hidden> wrote:
> From: Prasad J Pandit <address@hidden>
>
> While performing gpio write via strongarm_gpio_handler_update
> routine, the 'bit' index could access beyond s->handler[28] array.
> Add check to avoid OOB access.
>
> Reported-by: Moguofang <address@hidden>
> Signed-off-by: Prasad J Pandit <address@hidden>
> ---
>  hw/arm/strongarm.c | 4 +++-
>  1 file changed, 3 insertions(+), 1 deletion(-)
>
> Update v1: use ARRAY_SIZE macro
>   -> https://lists.gnu.org/archive/html/qemu-devel/2018-10/msg04826.html
>

Hi; thanks for this patch. Looking at the SA1110 manual,
it says that writes to the reserved bits [31:28] are
ignored. So I think that rather than doing this check
here, we should do what the strongarm_ppc_* code in the
same file does -- mask off the high bits for writes to
the direction and state registers. Then it will not
be possible for high bits to be set here that cause an
out-of-range array access.

Side note: this device is used only in the "collie"
machine model, which only works via TCG, so this is
not a security issue, just a bug (which will only be
visible if the guest is buggy.)

thanks
-- PMM
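
The masking approach suggested in the reply above, as an added example that is not part of the original message and is not QEMU's code: a toy GPIO model with 28 handler slots, comparing unmasked register writes with writes that drop the reserved bits [31:28]. All names (`ToyGpio`, `toy_write_raw`, `toy_write_masked`, `oob_attempts`) are hypothetical, and the register semantics are simplified.

```c
#include <stdint.h>

/* Toy model (assumption, not QEMU source): 28 GPIO lines, bits [31:28] reserved. */
#define GPIO_LINES      28
#define GPIO_VALID_MASK ((1u << GPIO_LINES) - 1)   /* 0x0fffffff */

typedef struct {
    uint32_t dir;                    /* direction register: 1 = output */
    uint32_t olevel;                 /* output state register */
    uint32_t prev_level;             /* last level pushed to the handlers */
    int handler_level[GPIO_LINES];   /* stands in for the per-line handler array */
    unsigned oob_attempts;           /* indexes that would have been out of range */
} ToyGpio;

/* Notify the handler of every line whose level changed. The range test here
 * only counts bad indexes; with masked writes it must never trigger. */
static void toy_gpio_update(ToyGpio *s)
{
    uint32_t level = s->olevel & s->dir;
    uint32_t diff = s->prev_level ^ level;

    for (unsigned bit = 0; bit < 32; bit++) {
        if (!(diff & (1u << bit))) {
            continue;
        }
        if (bit < GPIO_LINES) {
            s->handler_level[bit] = (level >> bit) & 1;
        } else {
            s->oob_attempts++;       /* an unchecked handler[bit] would be OOB */
        }
    }
    s->prev_level = level;
}

/* Unmasked writes: reserved bits reach the update loop. */
static void toy_write_raw(ToyGpio *s, uint32_t dir, uint32_t set)
{
    s->dir = dir;
    s->olevel |= set;
    toy_gpio_update(s);
}

/* Masked writes: reserved bits are ignored at the register boundary,
 * so no later consumer of dir/olevel can see an index >= GPIO_LINES. */
static void toy_write_masked(ToyGpio *s, uint32_t dir, uint32_t set)
{
    s->dir = dir & GPIO_VALID_MASK;
    s->olevel |= set & GPIO_VALID_MASK;
    toy_gpio_update(s);
}
```

Masking at the write keeps the stored register state valid for every reader, whereas a check inside the update loop protects only that one loop.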


