qemu-stable

Re: [PATCH v2] hw/scsi/scsi-disk: Fix out of bounds access in mode_sense


From: Paolo Bonzini
Subject: Re: [PATCH v2] hw/scsi/scsi-disk: Fix out of bounds access in mode_sense_page()
Date: Fri, 5 Feb 2021 18:27:19 +0100
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.6.0

On 04/02/21 23:50, Philippe Mathieu-Daudé wrote:
diff --git a/hw/scsi/scsi-disk.c b/hw/scsi/scsi-disk.c
index ed52fcd49ff..93aec483e88 100644
--- a/hw/scsi/scsi-disk.c
+++ b/hw/scsi/scsi-disk.c
@@ -1089,7 +1089,7 @@ static int scsi_emulate_mechanism_status(SCSIDiskState 
*s, uint8_t *outbuf)
  static int mode_sense_page(SCSIDiskState *s, int page, uint8_t **p_outbuf,
                             int page_control)
  {
-    static const int mode_sense_valid[0x3f] = {
+    static const int mode_sense_valid[MODE_PAGE_ALLS + 1] = {
          [MODE_PAGE_HD_GEOMETRY]            = (1 << TYPE_DISK),
          [MODE_PAGE_FLEXIBLE_DISK_GEOMETRY] = (1 << TYPE_DISK),
          [MODE_PAGE_CACHING]                = (1 << TYPE_DISK) | (1 << 
TYPE_ROM),
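
Review bot: at the `mode_sense_valid[MODE_PAGE_ALLS + 1]` declaration, the fix relies on MODE_PAGE_ALLS staying the highest page code ever used as an index, and nothing in the visible lines enforces that. The lookup that indexes the table with `page` is outside this hunk, so consider checking `page` against ARRAY_SIZE(mode_sense_valid) before it, so that a page constant added later cannot bring the out-of-bounds read back. The designated initializers shown cover only some entries, so it is also worth stating in the commit message what result is expected for a page whose slot is left zero.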


The bug is really that mode select with page 0x3f should fail, but it's okay too. Can you also write a testcase along the lines of test_unaligned_write_same?

Paolo



