qemu/hw/ide
Paolo Bonzini 8132122889 ide: atapi: assert that the buffer pointer is in range
A case was reported where s->io_buffer_index can be out of range.
The report skimped on the details but it seems to be triggered
by s->lba == -1 on the READ/READ CD paths (e.g. by sending an
ATAPI command with LBA = 0xFFFFFFFF).  For now paper over it
with assertions.  The first one ensures that there is no overflow
when incrementing s->io_buffer_index, the second checks for the
buffer overrun.

Note that the buffer overrun is only a read, so I am not sure
if the assertion failure is actually less harmful than the overrun.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Message-id: 20201201120926.56559-1-pbonzini@redhat.com
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-12-01 15:23:05 +00:00
..
ahci_internal.h nomaintainer: Fix Lesser GPL version number 2020-11-15 17:04:40 +01:00
ahci-allwinner.c
ahci.c nomaintainer: Fix Lesser GPL version number 2020-11-15 17:04:40 +01:00
atapi.c ide: atapi: assert that the buffer pointer is in range 2020-12-01 15:23:05 +00:00
cmd646.c
core.c
ich.c nomaintainer: Fix Lesser GPL version number 2020-11-15 17:04:40 +01:00
ioport.c
isa.c
Kconfig
macio.c
meson.build
microdrive.c
mmio.c
pci.c
piix.c
qdev.c nomaintainer: Fix Lesser GPL version number 2020-11-15 17:04:40 +01:00
sii3112.c
trace-events
trace.h
via.c