[PULL 07/12] target/microblaze: Fix possible array out of bounds in mmu

qemu-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[PULL 07/12] target/microblaze: Fix possible array out of bounds in mmu_

From:	Thomas Huth
Subject:	[PULL 07/12] target/microblaze: Fix possible array out of bounds in mmu_write()
Date:	Tue, 17 Nov 2020 10:57:43 +0100

From: AlexChen <alex.chen@huawei.com>

The size of env->mmu.regs is 3, but the range of 'rn' is [0, 5].
To avoid data access out of bounds, only if 'rn' is less than 3, we
can print env->mmu.regs[rn]. In other cases, we can print
env->mmu.regs[MMU_R_TLBX].

Reported-by: Euler Robot <euler.robot@huawei.com>
Signed-off-by: Alex Chen <alex.chen@huawei.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Message-Id: <5FA10ABA.1080109@huawei.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
---
 target/microblaze/mmu.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/target/microblaze/mmu.c b/target/microblaze/mmu.c
index 2baaef7545..1e426963ba 100644
--- a/target/microblaze/mmu.c
+++ b/target/microblaze/mmu.c
@@ -234,7 +234,8 @@ void mmu_write(CPUMBState *env, bool ext, uint32_t rn, 
uint32_t v)
     unsigned int i;
 
     qemu_log_mask(CPU_LOG_MMU,
-                  "%s rn=%d=%x old=%x\n", __func__, rn, v, env->mmu.regs[rn]);
+                  "%s rn=%d=%x old=%x\n", __func__, rn, v,
+                  rn < 3 ? env->mmu.regs[rn] : env->mmu.regs[MMU_R_TLBX]);
 
     if (cpu->cfg.mmu < 2 || !cpu->cfg.mmu_tlb_access) {
         qemu_log_mask(LOG_GUEST_ERROR, "MMU access on MMU-less system\n");
-- 
2.18.4

[Prev in Thread]

Current Thread

[Next in Thread]

[PULL 00/12] Misc fixes for 5.2, Thomas Huth, 2020/11/17
- [PULL 01/12] qemu/bswap: Remove unused qemu_bswap_len(), Thomas Huth, 2020/11/17
- [PULL 02/12] configure: Fix the _BSD_SOURCE define for the Haiku build, Thomas Huth, 2020/11/17
- [PULL 07/12] target/microblaze: Fix possible array out of bounds in mmu_write(), Thomas Huth <=
- [PULL 08/12] gitlab-ci: Use $CI_REGISTRY instead of hard-coding registry.gitlab.com, Thomas Huth, 2020/11/17
- [PULL 03/12] configure: Do not build pc-bios/optionrom on Haiku, Thomas Huth, 2020/11/17
- [PULL 09/12] ssd0323: put it into the 'display' category, Thomas Huth, 2020/11/17
- [PULL 04/12] configure: Add a proper check for sys/ioccom.h and use it in tpm_ioctl.h, Thomas Huth, 2020/11/17
- [PULL 05/12] tests/vm: Add Haiku test based on their vagrant images, Thomas Huth, 2020/11/17
- [PULL 06/12] tests/vm: update NetBSD to 9.1, Thomas Huth, 2020/11/17
- [PULL 10/12] ads7846: put it into the 'input' category, Thomas Huth, 2020/11/17
- [PULL 11/12] nand: put it into the 'storage' category, Thomas Huth, 2020/11/17
- [PULL 12/12] max111x: put it into the 'misc' category, Thomas Huth, 2020/11/17
- Re: [PULL 00/12] Misc fixes for 5.2, Peter Maydell, 2020/11/17

Prev by Date: [PULL 02/12] configure: Fix the _BSD_SOURCE define for the Haiku build
Next by Date: [PULL 08/12] gitlab-ci: Use $CI_REGISTRY instead of hard-coding registry.gitlab.com
Previous by thread: [PULL 02/12] configure: Fix the _BSD_SOURCE define for the Haiku build
Next by thread: [PULL 08/12] gitlab-ci: Use $CI_REGISTRY instead of hard-coding registry.gitlab.com
Index(es):
- Date
- Thread