aboutsummaryrefslogtreecommitdiff
path: root/hw/remote
diff options
context:
space:
mode:
authorMark Cave-Ayland <mark.cave-ayland@ilande.co.uk>2021-04-07 20:57:57 +0100
committerMark Cave-Ayland <mark.cave-ayland@ilande.co.uk>2021-04-12 22:35:53 +0100
commitfbc6510e3379fa8f8370bf71198f0ce733bf07f9 (patch)
tree86357c0774a6b922422d4bb91e13d701e75f9d66 /hw/remote
parentfa7505c154d4d00ad89a747be2eda556643ce00e (diff)
downloadqemu-fbc6510e3379fa8f8370bf71198f0ce733bf07f9.zip
qemu-fbc6510e3379fa8f8370bf71198f0ce733bf07f9.tar.gz
qemu-fbc6510e3379fa8f8370bf71198f0ce733bf07f9.tar.bz2
esp: don't overflow cmdfifo in get_cmd()
If the guest tries to read a CDB using DMA and cmdfifo is not empty then it is possible to overflow cmdfifo. Since this can only occur by issuing deliberately incorrect instruction sequences, ensure that the maximum length of the CDB transferred to cmdfifo is limited to the available free space within cmdfifo. Buglink: https://bugs.launchpad.net/qemu/+bug/1909247 Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Tested-by: Alexander Bulekov <alxndr@bu.edu> Message-Id: <20210407195801.685-9-mark.cave-ayland@ilande.co.uk>
Diffstat (limited to 'hw/remote')
0 files changed, 0 insertions, 0 deletions