path: root/results/classifier/deepseek-2/output/other/1882065
Diffstat (limited to 'results/classifier/deepseek-2/output/other/1882065')
-rw-r--r--results/classifier/deepseek-2/output/other/188206528
1 files changed, 28 insertions, 0 deletions
diff --git a/results/classifier/deepseek-2/output/other/1882065 b/results/classifier/deepseek-2/output/other/1882065
new file mode 100644
index 000000000..1ae2a5a7d
--- /dev/null
+++ b/results/classifier/deepseek-2/output/other/1882065
@@ -0,0 +1,28 @@
+
+Could this cause OOB bug ?
+
+In function megasas_handle_scsi(hw/scsi/megasas.c):
+
+```c
+static int megasas_handle_scsi(MegasasState *s, MegasasCmd *cmd,
+                               int frame_cmd)
+{
+    ............................................................................
+    cdb = cmd->frame->pass.cdb;
+    target_id = cmd->frame->header.target_id;
+    lun_id = cmd->frame->header.lun_id;
+    cdb_len = cmd->frame->header.cdb_len;
+    ............................................................................
+    if (cdb_len > 16) {
+        trace_megasas_scsi_invalid_cdb_len(
+                mfi_frame_desc[frame_cmd], is_logical,
+                target_id, lun_id, cdb_len);
+        megasas_write_sense(cmd, SENSE_CODE(INVALID_OPCODE));
+        cmd->frame->header.scsi_status = CHECK_CONDITION;
+        s->event_count++;
+        return MFI_STAT_SCSI_DONE_WITH_ERROR;
+    }
+}
+```
+
+Two variables, frame_cmd and cdb_len, can be controlled by guest os. So can mfi_frame_desc[frame_cmd] cause OOB bug ?
\ No newline at end of file
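Review bot: The question the new file records cannot be answered from the snippet it quotes, because the elided rows (the `....` lines) hide whether frame_cmd is range-checked between the start of megasas_handle_scsi and the trace call that evaluates `mfi_frame_desc[frame_cmd]`; the record should quote that check, or the dispatch site that selects frame_cmd, so a reader can confirm or refute the out-of-bounds concern. As quoted, the `if (cdb_len > 16)` test bounds only cdb_len, and the error path still indexes the table with frame_cmd before returning, so the table's element count and every assignment to frame_cmd are what decide the matter. If no such check exists in the reviewed source, the mitigation is a bounds test on frame_cmd against the table size before any lookup, which belongs in hw/scsi/megasas.c rather than in this record. The quoted function body is an excerpt, so its real control flow may differ from what is shown here.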