]> Git Repo - qemu.git/commit
projects / qemu.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: c84b319) | patch
sdhci.c: Limit the maximum block size
authorAlistair Francis <[email protected]>
Tue, 6 Oct 2015 17:40:41 +0000 (10:40 -0700)
committerStefan Hajnoczi <[email protected]>
Mon, 12 Oct 2015 10:17:45 +0000 (11:17 +0100)
commit9201bb9a8c7cd3ba2382b7db5b2e40f603e61528
tree131b06da5d5ab464f77a00bd67704c0234989b2dtree | snapshot
parentc84b31926f018af6fea2ab37a1fc47060b4bcfa1commit | diff
sdhci.c: Limit the maximum block size

It is possible for the guest to set an invalid block
size which is larger then the fifo_buffer[] array. This
could cause a buffer overflow.

To avoid this limit the maximum size of the blksize variable.

Signed-off-by: Alistair Francis <[email protected]>
Reported-by: Intel Security ATR <[email protected]>
Reviewed-by: Stefan Hajnoczi <[email protected]>
Reviewed-by: Peter Crosthwaite <[email protected]>
Message-id: abe4c51f513290bbb85d1ee271cb1a3d463d7561.1444067470[email protected]
Suggested-by: Igor Mitsyanko <[email protected]>
Reported-by: Intel Security ATR <[email protected]>
Reviewed-by: Stefan Hajnoczi <[email protected]>
Signed-off-by: Stefan Hajnoczi <[email protected]>
hw/sd/sdhci.c diff | blob | blame | history
Empty description
This page took 0.025948 seconds and 4 git commands to generate.