mirrors/qemu
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
master
qemu/hw/nubus
History
Peter Maydell df827aace6 hw/nubus/nubus-device: Range check 'slot' property 
The TYPE_NUBUS_DEVICE class lets the user specify the nubus slot
using an int32 "slot" QOM property.  Its realize method doesn't do
any range checking on this value, which Coverity notices by way of
the possibility that 'nd->slot * NUBUS_SUPER_SLOT_SIZE' might
overflow the 32-bit arithmetic it is using.

Constrain the slot value to be less than NUBUS_SLOT_NB (16).

Resolves: Coverity CID 1464070
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-ID: <20240830173452.2086140-4-peter.maydell@linaro.org>
Reviewed-by: Thomas Huth <huth@tuxfamily.org>
Reviewed-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Signed-off-by: Thomas Huth <huth@tuxfamily.org>
2024-09-08 11:49:49 +02:00
..
Kconfig
mac-nubus-bridge.c nubus-bridge: embed the NubusBus object directly within nubus-bridge 2021-09-29 10:45:19 +02:00
meson.build hw/nubus: add nubus-virtio-mmio device 2024-02-27 09:36:39 +01:00
nubus-bridge.c qbus: Rename qbus_create_inplace() to qbus_init() 2021-09-30 13:42:10 +01:00
nubus-bus.c nubus: move nubus to its own 32-bit address space 2021-09-29 10:45:19 +02:00
nubus-device.c hw/nubus/nubus-device: Range check 'slot' property 2024-09-08 11:49:49 +02:00
nubus-virtio-mmio.c hw/nubus/virtio-mmio: Fix missing ERRP_GUARD() in realize handler 2024-07-23 22:34:09 +02:00
trace-events trace-events: Fix the name of the tracing.rst file 2023-09-08 13:08:51 +03:00
trace.h nubus: add trace-events for empty slot accesses 2021-09-29 10:45:19 +02:00