diff options
| author | Richard Henderson <richard.henderson@linaro.org> | 2024-05-01 06:49:19 -0700 |
|---|---|---|
| committer | Richard Henderson <richard.henderson@linaro.org> | 2024-05-01 06:49:19 -0700 |
| commit | 935da8c66e12796510cf2ab2978934c273999f3b (patch) | |
| tree | 36601987549ff382f43f9c7e3c651d1b34540130 | |
| parent | d5a8f0b200c41fe405f48c5d672c1338beab8d4c (diff) | |
| parent | f2c8aeb1afefcda92054c448b21fc59cdd99db30 (diff) | |
| download | focaccia-qemu-935da8c66e12796510cf2ab2978934c273999f3b.tar.gz focaccia-qemu-935da8c66e12796510cf2ab2978934c273999f3b.zip | |
Merge tag 'pull-ufs-20240429' of https://gitlab.com/jeuk20.kim/qemu into staging
ufs queue # -----BEGIN PGP SIGNATURE----- # # iQIzBAABCgAdFiEEUBfYMVl8eKPZB+73EuIgTA5dtgIFAmYvEScACgkQEuIgTA5d # tgL3Qg//R3IcISQqqDaJ/ySzKGmkyohJSc6ySLYvla4Aki7PV+um2Dx/XNS7uG2b # d3Qz4m6QaOKsocLfldRTn2FxVK238Rp5HNny5vc0kGRdwpR514B7aU0FhpT7qObS # wbbgRdDddIBIiCFLhtXtg5/TK2h32VxGrVI6llX4gmd2VzqM0e4xeG1Oj8rZseOY # SAgvDv68s1YwlO1p1vPvst/H+mUKYkqtPN1mjfCIn5tM6ss8kCLUnKjqGAg1BnSN # xwaGrqqOlzQK2+aV02eiItiow8evU/h+c9eiTnBo/EvBwjoBn6flNXABWXFENnmP # JjVIFeiNzSFhBPDzO23GXviuEt96j5lrcGYR48HYMZfEbJNpblXzWvEGMZWnXNgx # Q3cpcarZ4vSWIflR9OnCSQaGLA0Ny6YqLbmrM/oD+v67EITafKKc+flmiF7DBASB # fUoEsdffdA37LDtygJb7hfUhvPQWWAujmGzZ1cDP8Oa0MhT7aiD0Z/WqhhjVQbM0 # iLiCDDD0cc0pmT3vw3EnEjKjnSkY3H62Q7pnYHiQgij4Ls/Rdd/P7OkSd0aI82t0 # TooWGZJnyf8rjAzY2cEB1Twrhmhuyt9NnGxip9W8JsQBZMLabD2CahOm83zsk7jZ # 3fOONz6XrW2ttFkLZcRd4x4YjKONjEXsSX2ZrXTZ5t3USz/VNvY= # =Vwyi # -----END PGP SIGNATURE----- # gpg: Signature made Sun 28 Apr 2024 08:16:55 PM PDT # gpg: using RSA key 5017D831597C78A3D907EEF712E2204C0E5DB602 # gpg: Good signature from "Jeuk Kim <jeuk20.kim@samsung.com>" [unknown] # gpg: aka "Jeuk Kim <jeuk20.kim@gmail.com>" [unknown] # gpg: WARNING: This key is not certified with a trusted signature! # gpg: There is no indication that the signature belongs to the owner. # Primary key fingerprint: 5017 D831 597C 78A3 D907 EEF7 12E2 204C 0E5D B602 * tag 'pull-ufs-20240429' of https://gitlab.com/jeuk20.kim/qemu: hw/ufs: Fix buffer overflow bug Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
| -rw-r--r-- | hw/ufs/ufs.c | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/hw/ufs/ufs.c b/hw/ufs/ufs.c index eccdb852a0..bac78a32bb 100644 --- a/hw/ufs/ufs.c +++ b/hw/ufs/ufs.c @@ -126,6 +126,10 @@ static MemTxResult ufs_dma_read_req_upiu(UfsRequest *req) copy_size = sizeof(UtpUpiuHeader) + UFS_TRANSACTION_SPECIFIC_FIELD_SIZE + data_segment_length; + if (copy_size > sizeof(req->req_upiu)) { + copy_size = sizeof(req->req_upiu); + } + ret = ufs_addr_read(u, req_upiu_base_addr, &req->req_upiu, copy_size); if (ret) { trace_ufs_err_dma_read_req_upiu(req->slot, req_upiu_base_addr); @@ -225,6 +229,10 @@ static MemTxResult ufs_dma_write_rsp_upiu(UfsRequest *req) copy_size = rsp_upiu_byte_len; } + if (copy_size > sizeof(req->rsp_upiu)) { + copy_size = sizeof(req->rsp_upiu); + } + ret = ufs_addr_write(u, rsp_upiu_base_addr, &req->rsp_upiu, copy_size); if (ret) { trace_ufs_err_dma_write_rsp_upiu(req->slot, rsp_upiu_base_addr); |