From: Alexander Bulekov
Subject: Re: [PATCH 3/4] esp: ensure cmdfifo is not empty and current_dev is non-NULL
Date: Wed, 17 Mar 2021 11:47:35 -0400
Hi Mark,
On 210316 2330, Mark Cave-Ayland wrote:
> When about to execute a SCSI command, ensure that cmdfifo is not empty and
> current_dev is non-NULL. This can happen if the guest tries to execute a TI
> (Transfer Information) command without issuing one of the select commands
> first.
>
> Buglink: https://bugs.launchpad.net/qemu/+bug/1910723
^ Can't reproduce this one anymore
> Buglink: https://bugs.launchpad.net/qemu/+bug/1909247
However, this still seems to cause a UAF:
https://bugs.launchpad.net/qemu/+bug/1909247/comments/6
-Alex
> Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
> ---
> hw/scsi/esp.c | 3 +++
> 1 file changed, 3 insertions(+)
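The ordering problem the patch description guards against, as an added, constructed model that is not QEMU's hw/scsi/esp.c: a TI command is only allowed to execute a SCSI command once a select command has populated cmdfifo and set current_dev. All struct and function names here are hypothetical.

```c
/* Constructed model (not QEMU code) of the guard described in the patch:
 * a TI (Transfer Information) command must not execute a SCSI command when
 * no select command has filled cmdfifo and set current_dev. */
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define CMDFIFO_SIZE 16

typedef struct { int id; } ScsiDev;          /* stand-in for the selected target */

typedef struct {
    uint8_t cmdfifo[CMDFIFO_SIZE];
    size_t  cmdfifo_len;                     /* queued command bytes */
    ScsiDev *current_dev;                    /* NULL until a select command runs */
    int     commands_executed;
} EspState;

enum { ESP_OK = 0, ESP_ERR_NO_SELECT = -1, ESP_ERR_FIFO_FULL = -2 };

void esp_reset(EspState *s) { memset(s, 0, sizeof(*s)); }

/* Select command: records the target and queues the CDB bytes in cmdfifo. */
int esp_select(EspState *s, ScsiDev *dev, const uint8_t *cdb, size_t len)
{
    if (len > CMDFIFO_SIZE) return ESP_ERR_FIFO_FULL;
    s->current_dev = dev;
    memcpy(s->cmdfifo, cdb, len);
    s->cmdfifo_len = len;
    return ESP_OK;
}

/* TI command: the guard rejects execution when nothing was selected first.
 * Without it, the model would dereference current_dev == NULL here. */
int esp_do_ti(EspState *s)
{
    if (s->cmdfifo_len == 0 || s->current_dev == NULL) {
        return ESP_ERR_NO_SELECT;
    }
    s->commands_executed++;
    s->cmdfifo_len = 0;                      /* command consumed */
    return ESP_OK;
}
```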