qemu/hw/sd
Prasad J Pandit 42922105be sd: sdhci: check data length during dma_memory_read
While doing multi block SDMA transfer in routine
'sdhci_sdma_transfer_multi_blocks', the 's->fifo_buffer' starting
index 'begin' and data length 's->data_count' could end up being the same.
This could lead to an OOB access issue. Correct transfer data length
to avoid it.

Cc: qemu-stable@nongnu.org
Reported-by: Jiang Xin <jiangxin1@huawei.com>
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20170130064736.9236-1-ppandit@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-02-07 18:29:59 +00:00
core.c hw/sd: Add QOM bus which SD cards plug in to 2016-02-18 14:26:33 +00:00
Makefile.objs hw/sd: Add QOM bus which SD cards plug in to 2016-02-18 14:26:33 +00:00
milkymist-memcard.c milkymist: update specification URLs 2016-06-20 18:12:04 +02:00
omap_mmc.c arm devices: Clean up includes 2016-01-29 15:07:25 +00:00
pl181.c hw/sd: QOM'ify pl181.c 2016-06-14 15:59:14 +01:00
pxa2xx_mmci.c include/qemu/osdep.h: Don't include qapi/error.h 2016-03-22 22:20:15 +01:00
sd.c sd: free timer 2016-09-08 18:05:22 +04:00
sdhci-internal.h Replaced get_tick_per_sec() by NANOSECONDS_PER_SECOND 2016-03-22 22:20:17 +01:00
sdhci.c sd: sdhci: check data length during dma_memory_read 2017-02-07 18:29:59 +00:00
ssi-sd.c vmstateify ssi-sd 2016-09-22 18:13:08 +01:00
trace-events trace-events: fix first line comment in trace-events 2016-08-12 10:36:01 +01:00