Re: [PATCH] sd: sdhci: check data_count is within fifo_buffer
From: Philippe Mathieu-Daudé
Subject: Re: [PATCH] sd: sdhci: check data_count is within fifo_buffer
Date: Wed, 2 Sep 2020 19:34:07 +0200
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.11.0
On 9/2/20 6:46 PM, P J P wrote:
> +-- On Wed, 2 Sep 2020, Philippe Mathieu-Daudé wrote --+
> | > + if (s->data_count <= begin || s->data_count > s->buf_maxsz) {
> | > + break;
> | > + }
> |
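Review bot: the `break` in this check leaves the loop silently when `s->data_count` is at or below `begin` or above `s->buf_maxsz`, so an out-of-range count goes unreported. If the check stays, an assert() on the same bounds, as requested in the reply that follows, would make the violation visible. The quoted lines do not show where `begin` is set, so confirm that `<= begin` is the intended lower bound.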
> | Thanks for your patch. Note however this kind of security fix hides
> | the bug in the model, furthermore it makes the model behave differently
> | than the real hardware (which we aim to model).
>
> Right, got it.
>
> | I posted a different fix for this problem (fixing the model bug):
> | https://www.mail-archive.com/qemu-devel@nongnu.org/msg735715.html
> | (you already reviewed it, thank you - I still comment it for the
> | other reviewers).
> |
> | Can you replace it with an assert() call instead? Since this should never
> | happen.
>
> Replace above check with an assert() call? Even with your revised fix above?
Well, there might be other bugs leading there...
>
>
> Thank you.
> --
> Prasad J Pandit / Red Hat Product Security Team
> 8685 545E B54C 486B C6EB 271E E285 8B5A F050 DE8D
>