From: Jean-Christophe Dubois
To: qemu-devel@nongnu.org, peter.maydell@linaro.org
Cc: Jean-Christophe Dubois
Date: Sat, 24 Dec 2016 16:11:13 +0100
Message-Id: <20161224151113.23955-1-jcd@tribudubois.net>
X-Patchwork-Id: 9488055
Subject: [Qemu-devel] [PATCH] [M25P80] Make sure not to overrun the internal data buffer.

It did happen that the internal data buffer was overrun, leading to a Qemu crash (in particular while emulating the i.MX6 sabrelite board). This patch makes sure the data array would not be overrun and allows the sabrelite emulation to run without crash.

Signed-off-by: Jean-Christophe Dubois

--- hw/block/m25p80.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hw/block/m25p80.c b/hw/block/m25p80.c index d29ff4c..a1c4e5d 100644 --- a/hw/block/m25p80.c +++ b/hw/block/m25p80.c @@ -1117,7 +1117,7 @@ static uint32_t m25p80_transfer8(SSISlave *ss, uint32_t tx) s->data[s->len] = (uint8_t)tx; s->len++; - if (s->len == s->needed_bytes) { + if ((s->len >= s->needed_bytes) || (s->len >= sizeof(s->data))) { complete_collecting_data(s); } break;
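
Review bot: The added `s->len >= sizeof(s->data)` test in m25p80_transfer8() runs only after `s->data[s->len] = (uint8_t)tx; s->len++;`, so it bounds the next store rather than the current one and is safe only if s->len is always below sizeof(s->data) when this case is entered. Checking the index before the store would make the bound hold without depending on what complete_collecting_data(s) does to s->len, which is not visible in this hunk. A second concern is that when the size cap fires before s->needed_bytes is reached, complete_collecting_data(s) is called with fewer bytes than the command asked for, so a truncated command is handled as if it were complete and the underlying problem (needed_bytes larger than the data array) is silently hidden; rejecting or clamping needed_bytes where it is set, or at least logging a guest error when the cap is hit, would make the failure visible. The commit message should also state which command or needed_bytes value caused the overrun on sabrelite, so the root cause can be reviewed.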