[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [PATCH] sd: sdhci: check data_count is within fifo_buffer
|
From: |
P J P |
|
Subject: |
Re: [PATCH] sd: sdhci: check data_count is within fifo_buffer |
|
Date: |
Wed, 2 Sep 2020 22:16:24 +0530 (IST) |
+-- On Wed, 2 Sep 2020, Philippe Mathieu-Daudé wrote --+
| > + if (s->data_count <= begin || s->data_count > s->buf_maxsz) {
| > + break;
| > + }
|
| Thanks for your patch. Note however this kind of security fix hides
| the bug in the model, furthermore it makes the model behaves differently
| that the real hardware (which we aim to model).
Right, got it.
| I posted a different fix for this problem (fixing the model bug):
| https://www.mail-archive.com/qemu-devel@nongnu.org/msg735715.html
| (you already reviewed it, thank you - I still comment it for the
| other reviewers).
|
| Can you replace by an assert() call instead? Since this should never
| happen.
Replace above check with an assert() call? Even with your revised fix above?
Thank you.
--
Prasad J Pandit / Red Hat Product Security Team
8685 545E B54C 486B C6EB 271E E285 8B5A F050 DE8D