mirrors/qemu
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
staging-9.0
qemu/hw/ufs
History
Jeuk Kim 1b6e140cd8 hw/ufs: Fix buffer overflow bug 
It fixes the buffer overflow vulnerability in the ufs device.
The bug was detected by sanitizers.

You can reproduce it by:

cat << EOF |\
qemu-system-x86_64 \
-display none -machine accel=qtest -m 512M -M q35 -nodefaults -drive \
file=null-co://,if=none,id=disk0 -device ufs,id=ufs_bus -device \
ufs-lu,drive=disk0,bus=ufs_bus -qtest stdio
outl 0xcf8 0x80000810
outl 0xcfc 0xe0000000
outl 0xcf8 0x80000804
outw 0xcfc 0x06
write 0xe0000058 0x1 0xa7
write 0xa 0x1 0x50
EOF

Resolves: #2299
Fixes: 329f166244 ("hw/ufs: Support for Query Transfer Requests")
Reported-by: Zheyu Ma <zheyuma97@gmail.com>
Signed-off-by: Jeuk Kim <jeuk20.kim@samsung.com>
(cherry picked from commit f2c8aeb1af)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2024-05-02 13:03:05 +03:00
..
Kconfig
lu.c hw/ufs: Modify lu.c to share codes with SCSI subsystem 2023-10-30 10:28:04 +09:00
meson.build hw/ufs: Support for UFS logical unit 2023-09-07 14:01:29 -04:00
trace-events hw/ufs: Modify lu.c to share codes with SCSI subsystem 2023-10-30 10:28:04 +09:00
trace.h
ufs.c hw/ufs: Fix buffer overflow bug 2024-05-02 13:03:05 +03:00
ufs.h hw/ufs: Modify lu.c to share codes with SCSI subsystem 2023-10-30 10:28:04 +09:00