[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[PULL 07/12] target/microblaze: Fix possible array out of bounds in mmu_
From: |
Thomas Huth |
Subject: |
[PULL 07/12] target/microblaze: Fix possible array out of bounds in mmu_write() |
Date: |
Tue, 17 Nov 2020 10:57:43 +0100 |
From: AlexChen <alex.chen@huawei.com>
The size of env->mmu.regs is 3, but the range of 'rn' is [0, 5].
To avoid data access out of bounds, only if 'rn' is less than 3, we
can print env->mmu.regs[rn]. In other cases, we can print
env->mmu.regs[MMU_R_TLBX].
Reported-by: Euler Robot <euler.robot@huawei.com>
Signed-off-by: Alex Chen <alex.chen@huawei.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Message-Id: <5FA10ABA.1080109@huawei.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
---
target/microblaze/mmu.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/target/microblaze/mmu.c b/target/microblaze/mmu.c
index 2baaef7545..1e426963ba 100644
--- a/target/microblaze/mmu.c
+++ b/target/microblaze/mmu.c
@@ -234,7 +234,8 @@ void mmu_write(CPUMBState *env, bool ext, uint32_t rn,
uint32_t v)
unsigned int i;
qemu_log_mask(CPU_LOG_MMU,
- "%s rn=%d=%x old=%x\n", __func__, rn, v, env->mmu.regs[rn]);
+ "%s rn=%d=%x old=%x\n", __func__, rn, v,
+ rn < 3 ? env->mmu.regs[rn] : env->mmu.regs[MMU_R_TLBX]);
if (cpu->cfg.mmu < 2 || !cpu->cfg.mmu_tlb_access) {
qemu_log_mask(LOG_GUEST_ERROR, "MMU access on MMU-less system\n");
--
2.18.4
- [PULL 00/12] Misc fixes for 5.2, Thomas Huth, 2020/11/17
- [PULL 01/12] qemu/bswap: Remove unused qemu_bswap_len(), Thomas Huth, 2020/11/17
- [PULL 02/12] configure: Fix the _BSD_SOURCE define for the Haiku build, Thomas Huth, 2020/11/17
- [PULL 07/12] target/microblaze: Fix possible array out of bounds in mmu_write(),
Thomas Huth <=
- [PULL 08/12] gitlab-ci: Use $CI_REGISTRY instead of hard-coding registry.gitlab.com, Thomas Huth, 2020/11/17
- [PULL 03/12] configure: Do not build pc-bios/optionrom on Haiku, Thomas Huth, 2020/11/17
- [PULL 09/12] ssd0323: put it into the 'display' category, Thomas Huth, 2020/11/17
- [PULL 04/12] configure: Add a proper check for sys/ioccom.h and use it in tpm_ioctl.h, Thomas Huth, 2020/11/17
- [PULL 05/12] tests/vm: Add Haiku test based on their vagrant images, Thomas Huth, 2020/11/17
- [PULL 06/12] tests/vm: update NetBSD to 9.1, Thomas Huth, 2020/11/17
- [PULL 10/12] ads7846: put it into the 'input' category, Thomas Huth, 2020/11/17
- [PULL 11/12] nand: put it into the 'storage' category, Thomas Huth, 2020/11/17
- [PULL 12/12] max111x: put it into the 'misc' category, Thomas Huth, 2020/11/17
- Re: [PULL 00/12] Misc fixes for 5.2, Peter Maydell, 2020/11/17