[Qemu-devel] [QEMU PATCH] m25p80.c: Return state to IDLE after COLLECTING
From: Peter Crosthwaite
Subject: [Qemu-devel] [QEMU PATCH] m25p80.c: Return state to IDLE after COLLECTING
Date: Fri, 25 Jan 2013 17:58:38 -0800
Default to moving back to the IDLE state after the COLLECTING_DATA
state. For a well-behaved guest this patch has no consequence, but
a bad guest could crash QEMU by using one of the erase commands
followed by a longer than 5 byte argument (undefined behaviour).
Signed-off-by: Peter Crosthwaite <address@hidden>
---
hw/m25p80.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/hw/m25p80.c b/hw/m25p80.c
index ad9e800..16d4880 100644
--- a/hw/m25p80.c
+++ b/hw/m25p80.c
@@ -359,6 +359,8 @@ static void complete_collecting_data(Flash *s)
s->cur_addr |= s->data[1] << 8;
s->cur_addr |= s->data[2];
+ s->state = STATE_IDLE;
+
switch (s->cmd_in_progress) {
case DPP:
case QPP:
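Review bot: the unconditional `s->state = STATE_IDLE;` sits before the `switch (s->cmd_in_progress)`, so every case arm that needs a follow-on state other than IDLE (the DPP/QPP program labels visible here, and any read arms further down) must now assign `s->state` itself after this line; the hunk shows only the first two labels, so please confirm that no arm previously relied on the state being left as it was, since such an arm would now silently return the device to IDLE. A short comment above the assignment, stating that IDLE is the default for commands with no further data phase, would make the intent clear to the next reader. The commit message describes the crash as an erase command followed by a more-than-5-byte argument, i.e. the guest kept pushing bytes while the device stayed in COLLECTING_DATA; resetting the state closes that path, but a bounds check on the data buffer index in the collecting path itself would be worth adding as defence in depth so a future state-machine change cannot reopen it.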
--
1.7.12.1.396.g16eed7c