[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-trivial] [PATCH] vt82c686: avoid out-of-bounds read
From: |
Paolo Bonzini |
Subject: |
Re: [Qemu-trivial] [PATCH] vt82c686: avoid out-of-bounds read |
Date: |
Thu, 11 Dec 2014 20:05:19 +0100 |
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.3.0 |
On 11/12/2014 18:55, Michael Tokarev wrote:
>> > superio_ioport_readb can read the 256th element of the array.
> Is there a legitimate reason for it to access byte index 256?
The 256th element is byte index 255. :)
> What is the actual size of superio config memory, 256 or 257?
It's 256 and the array is sized conf[0xff].
> I don't know, but somehow it looks like it should be 256.
That's what the patch does. :)
Paolo