diff options
| author | Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> | 2021-04-07 20:57:54 +0100 |
|---|---|---|
| committer | Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> | 2021-04-12 22:35:19 +0100 |
| commit | 7b320a8e67a534925048cbabfa51431e0349dafd (patch) | |
| tree | 02ca07da3239b8bc3c08335c1bf4c29266b5defa /hw/tpm/tpm_crb.c | |
| parent | c5fef9112b15c4b5494791cdf8bbb40bc1938dd3 (diff) | |
| download | qemu-7b320a8e67a534925048cbabfa51431e0349dafd.zip qemu-7b320a8e67a534925048cbabfa51431e0349dafd.tar.gz qemu-7b320a8e67a534925048cbabfa51431e0349dafd.tar.bz2 | |
esp: introduce esp_fifo_pop_buf() and use it instead of fifo8_pop_buf()
The const pointer returned by fifo8_pop_buf() lies directly within the array used
to model the FIFO. Building with address sanitizers enabled shows that if the
caller expects a minimum number of bytes present then if the FIFO is nearly full,
the caller may unexpectedly access past the end of the array.
Introduce esp_fifo_pop_buf() which takes a destination buffer and performs a
memcpy() in it to guarantee that the caller cannot overwrite the FIFO array and
update all callers to use it. Similarly add underflow protection similar to
esp_fifo_push() and esp_fifo_pop() so that instead of triggering an assert()
the operation becomes a no-op.
Buglink: https://bugs.launchpad.net/qemu/+bug/1909247
Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Tested-by: Alexander Bulekov <alxndr@bu.edu>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-Id: <20210407195801.685-6-mark.cave-ayland@ilande.co.uk>
Diffstat (limited to 'hw/tpm/tpm_crb.c')
0 files changed, 0 insertions, 0 deletions