From: Michael Tokarev
Subject: Re: [PATCH] hw/sd/sdhci: reset data count in sdhci_buff_access_is_sequential()
Date: Sat, 27 May 2023 12:00:15 +0300
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.11.0

Mon, 7 Nov 2022 11:35:10 +0100, you wrote:
> Make sure to reset data_count if it's equal to (or exceeds) block_size.
> This prevents an off-by-one read / write when accessing s->fifo_buffer
> in sdhci_read_dataport / sdhci_write_dataport, both called right after
> sdhci_buff_access_is_sequential.
>
> Fixes: CVE-2022-3872
..
Has this been forgotten, or maybe a better fix is needed?
https://lists.nongnu.org/archive/html/qemu-devel/2022-11/msg01068.html
Thanks,
/mjt
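
A simplified model of the boundary condition in the quoted commit message, as an added example that is not part of the original message and is not QEMU's code. `struct fifo_model`, `reset_if_block_done`, `dataport_write`, `count_out_of_block` and the 8-byte block are assumptions for illustration; the model refuses an out-of-block index instead of performing the access, so the counts show where the reset matters.

```c
#include <stdint.h>
#include <stdio.h>

#define BUF_LEN 8u /* constructed: the buffer holds exactly one block */

/* Hypothetical model of a block FIFO; not QEMU's SDHCIState. */
struct fifo_model {
    uint8_t  fifo_buffer[BUF_LEN];
    uint32_t data_count; /* next index within the current block */
    uint32_t block_size; /* bytes per block, at most BUF_LEN */
};

/* Pre-access check with the reset the commit message describes. */
static void reset_if_block_done(struct fifo_model *s)
{
    if (s->data_count >= s->block_size)
        s->data_count = 0;
}

/* Write one byte through the model's data port. Returns the index written,
 * or -1 when the index falls outside the block (the model refuses the
 * access instead of performing it). */
static int dataport_write(struct fifo_model *s, uint8_t v, int with_reset)
{
    if (with_reset)
        reset_if_block_done(s);
    if (s->data_count >= s->block_size || s->data_count >= BUF_LEN)
        return -1;
    s->fifo_buffer[s->data_count] = v;
    return (int)s->data_count++;
}

/* Push n bytes; count the accesses that would have left the block. */
static unsigned count_out_of_block(struct fifo_model *s, unsigned n, int with_reset)
{
    unsigned bad = 0;
    for (unsigned i = 0; i < n; i++)
        if (dataport_write(s, (uint8_t)i, with_reset) < 0)
            bad++;
    return bad;
}

int main(void)
{
    struct fifo_model a = { .data_count = 0, .block_size = BUF_LEN };
    struct fifo_model b = a;
    printf("no reset: %u\n", count_out_of_block(&a, 20, 0));
    printf("reset:    %u\n", count_out_of_block(&b, 20, 1));
    return 0;
}
```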