Re: [Qemu-devel] [PATCH] sd: Fix out-of-bounds assertions
From: Aleksandar Markovic
Subject: Re: [Qemu-devel] [PATCH] sd: Fix out-of-bounds assertions
Date: Tue, 9 Apr 2019 09:40:18 +0000

Markus wrote:

> This is the second fix for this bug pattern in a fortnight. Where's
> one, there are more:
>
> $ git-grep '<= ARRAY_SIZE'
> hw/intc/arm_gicv3_cpuif.c: assert(aprmax <= ARRAY_SIZE(cs->ich_apr[0]));
> hw/intc/arm_gicv3_cpuif.c: assert(aprmax <= ARRAY_SIZE(cs->ich_apr[0]));
> hw/net/stellaris_enet.c: if (s->tx_fifo_len + 4 <= ARRAY_SIZE(s->tx_fifo)) {
> hw/sd/pxa2xx_mmci.c: && s->tx_len <= ARRAY_SIZE(s->tx_fifo)
> hw/sd/pxa2xx_mmci.c: && s->rx_len <= ARRAY_SIZE(s->rx_fifo)
> hw/sd/pxa2xx_mmci.c: && s->resp_len <= ARRAY_SIZE(s->resp_fifo);
> hw/sd/sd.c: assert(state <= ARRAY_SIZE(state_name));
> hw/sd/sd.c: assert(rsp <= ARRAY_SIZE(response_name));
> hw/usb/hcd-xhci.c: assert(n <= ARRAY_SIZE(tmp));
> target/mips/op_helper.c: if (base_reglist > 0 && base_reglist <= ARRAY_SIZE (multiple_regs)) {
> target/mips/op_helper.c: if (base_reglist > 0 && base_reglist <= ARRAY_SIZE (multiple_regs)) {
> target/mips/op_helper.c: if (base_reglist > 0 && base_reglist <= ARRAY_SIZE (multiple_regs)) {
> target/mips/op_helper.c: if (base_reglist > 0 && base_reglist <= ARRAY_SIZE (multiple_regs)) {
> target/ppc/kvm.c: <= ARRAY_SIZE(hw_debug_points));
> target/ppc/kvm.c: <= ARRAY_SIZE(hw_debug_points));
> target/ppc/kvm.c: assert((nb_hw_breakpoint + nb_hw_watchpoint) <= ARRAY_SIZE(dbg->arch.bp));
> tcg/tcg.c: tcg_debug_assert(pi <= ARRAY_SIZE(op->args));
> util/main-loop.c: g_assert(n_poll_fds <= ARRAY_SIZE(poll_fds));
> util/module.c: assert(n_dirs <= ARRAY_SIZE(dirs));

There could be even more:

$ git grep '> ARRAY_SIZE'
hw/display/ssd0323.c: if (s->cmd_len > ARRAY_SIZE(s->cmd_data)) {
hw/display/vmware_vga.c: || SVGA_BITMAP_SIZE(x, y) > ARRAY_SIZE(cursor.mask)
hw/display/vmware_vga.c: > ARRAY_SIZE(cursor.image)) {
hw/dma/xlnx-zdma.c: len = src_size > ARRAY_SIZE(s->buf) ? ARRAY_SIZE(s->buf) : src_size;
hw/net/stellaris_enet.c: if (s->np > ARRAY_SIZE(s->rx)) {
hw/net/stellaris_enet.c: if (s->rx[i].len > ARRAY_SIZE(s->rx[i].data)) {
hw/net/stellaris_enet.c: if (s->rx_fifo_offset > ARRAY_SIZE(s->rx[0].data) - 4) {
hw/net/stellaris_enet.c: if (s->tx_fifo_len > ARRAY_SIZE(s->tx_fifo)) {
hw/scsi/mptsas.c: ((s)->name##_head > ARRAY_SIZE((s)->name) || \
hw/scsi/mptsas.c: (s)->name##_tail > ARRAY_SIZE((s)->name))
hw/scsi/mptsas.c: s->doorbell_cnt > ARRAY_SIZE(s->doorbell_msg) ||
hw/scsi/mptsas.c: s->doorbell_reply_size > ARRAY_SIZE(s->doorbell_reply) ||
hw/sd/ssi-sd.c: (!s->stopping && s->arglen > ARRAY_SIZE(s->response)))) {
hw/usb/dev-mtp.c: if (cmd.argc > ARRAY_SIZE(cmd.argv)) {
linux-user/syscall.c: if (nargs[num] > ARRAY_SIZE(a)) {
target/sh4/translate.c: if (max_insns > ARRAY_SIZE(insns)) {

CC-ing additional maintainers.
Aleksandar
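
When triaging hits from the two greps above, the comparison is off by one only where the checked value is later used as a subscript; a count of stored elements may legitimately equal ARRAY_SIZE. The following is an added example, not code from this thread or from QEMU; the demo_* names, the table contents and the FIFO size are constructed for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define ARRAY_SIZE(x) (sizeof(x) / sizeof((x)[0]))

/* Constructed name table, indexed by a small integer code. */
static const char *const demo_state_name[] = { "idle", "ready", "busy" };

/* Index check as the flagged asserts write it: idx == ARRAY_SIZE passes. */
static bool index_ok_buggy(size_t idx)
{
    return idx <= ARRAY_SIZE(demo_state_name);
}

/* Correct index check: valid subscripts are 0 .. ARRAY_SIZE - 1. */
static bool index_ok_fixed(size_t idx)
{
    return idx < ARRAY_SIZE(demo_state_name);
}

/* Lookup that fails closed instead of reading past the table. */
static const char *demo_state_lookup(size_t idx)
{
    return index_ok_fixed(idx) ? demo_state_name[idx] : "invalid";
}

/* Count case: len is how many bytes are stored, so len == ARRAY_SIZE
 * means "full" and a "<=" bound on it is correct. */
struct demo_fifo { unsigned char data[4]; size_t len; };

static bool demo_fifo_push(struct demo_fifo *f, unsigned char b)
{
    if (f->len >= ARRAY_SIZE(f->data)) {
        return false;           /* full: do not use len as a subscript */
    }
    f->data[f->len++] = b;
    return f->len <= ARRAY_SIZE(f->data);   /* count invariant holds */
}

int main(void)
{
    size_t n = ARRAY_SIZE(demo_state_name);
    struct demo_fifo f = { {0}, 0 };
    while (demo_fifo_push(&f, 0xAA)) { }
    printf("idx=%zu buggy=%d fixed=%d name=%s fifo_len=%zu\n", n,
           index_ok_buggy(n), index_ok_fixed(n), demo_state_lookup(n), f.len);
    return 0;
}
```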