qemu-devel

[PATCH] hw/ide: replace assert with proper error handling


From: Artem Nasonov
Subject: [PATCH] hw/ide: replace assert with proper error handling
Date: Thu, 16 Jan 2025 14:16:00 +0300

This assert was found during fuzzing and can be triggered with some qtest
commands.
So instead of an assert failure, I suggest handling this error and aborting the
command.
This patch is required at least to improve the fuzzing process and not spam with
this assert.
RFC.

Found by Linux Verification Center (linuxtesting.org) with libFuzzer.

Fixes: ed78352a59 ("ide: Fix incorrect handling of some PRDTs in ide_dma_cb()")
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2777
Signed-off-by: Artem Nasonov <anasonov@astralinux.ru>
---
 hw/ide/core.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/hw/ide/core.c b/hw/ide/core.c
index f9baba59e9..baca7121ec 100644
--- a/hw/ide/core.c
+++ b/hw/ide/core.c
@@ -931,7 +931,10 @@ static void ide_dma_cb(void *opaque, int ret)
     s->io_buffer_size = n * 512;
     prep_size = s->bus->dma->ops->prepare_buf(s->bus->dma, s->io_buffer_size);
     /* prepare_buf() must succeed and respect the limit */
-    assert(prep_size >= 0 && prep_size <= n * 512);
+    if (prep_size < 0 || prep_size > n * 512) {
+        ide_dma_error(s);
+        return;
+    }
 
     /*
      * Now prep_size stores the number of bytes in the sglist, and
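Review bot: the comment kept directly above the new check, "prepare_buf() must succeed and respect the limit", now contradicts the code beneath it, which treats both a negative prep_size and one above n * 512 as a recoverable condition; it should be reworded to say when prepare_buf() can legitimately fail here and that the transfer is aborted with ide_dma_error(s) in that case. Since the assert was introduced by ed78352a59 as an invariant, the commit message should also state the root cause (which qtest sequence or guest-visible state makes prep_size fall outside the range) rather than only that the fuzzer hits the assert; otherwise the change may be hiding a bug in prepare_buf() behind an error path, and the "Fixes:" tag for that commit is hard to justify without that explanation.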
-- 
2.39.5