m25p80.c: Return state to IDLE after COLLECTING

Default to moving back to the IDLE state after the COLLECTING_DATA state. For a well behaved guest this patch has no consequence, but A bad guest could crash QEMU by using one of the erase commands followed by a longer than 5 byte argument (undefined behaviour). Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com> Signed-off-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
author: Peter Crosthwaite <peter.crosthwaite@xilinx.com> 2013-01-25 17:58:38 -0800
committer: Edgar E. Iglesias <edgar.iglesias@gmail.com> 2013-01-27 01:00:19 +0100
commit: a56d305a6d706cd75cfe0fa473f45772694f2a4a (patch)
tree: b9106c607bb6830d902cb18593ce08bd995a4781 /hw/m25p80.c
parent: 2f991adb8e8cad3233ae653be12cfd72d44168ba (diff)
download: qemu-a56d305a6d706cd75cfe0fa473f45772694f2a4a.zip
qemu-a56d305a6d706cd75cfe0fa473f45772694f2a4a.tar.gz
qemu-a56d305a6d706cd75cfe0fa473f45772694f2a4a.tar.bz2
1 files changed, 2 insertions, 0 deletions
diff --git a/hw/m25p80.c b/hw/m25p80.c
index d392656..788c196 100644
--- a/hw/m25p80.c
+++ b/hw/m25p80.c
@@ -358,6 +358,8 @@ static void complete_collecting_data(Flash *s)
     s->cur_addr |= s->data[1] << 8;
     s->cur_addr |= s->data[2];
 
+    s->state = STATE_IDLE;
+
     switch (s->cmd_in_progress) {
     case DPP:
     case QPP:
author	Peter Crosthwaite <peter.crosthwaite@xilinx.com>	2013-01-25 17:58:38 -0800
committer	Edgar E. Iglesias <edgar.iglesias@gmail.com>	2013-01-27 01:00:19 +0100
commit	a56d305a6d706cd75cfe0fa473f45772694f2a4a (patch)
tree	b9106c607bb6830d902cb18593ce08bd995a4781 /hw/m25p80.c
parent	2f991adb8e8cad3233ae653be12cfd72d44168ba (diff)
download	qemu-a56d305a6d706cd75cfe0fa473f45772694f2a4a.zip qemu-a56d305a6d706cd75cfe0fa473f45772694f2a4a.tar.gz qemu-a56d305a6d706cd75cfe0fa473f45772694f2a4a.tar.bz2