From: Philippe Mathieu-Daudé
Subject: Re: [PATCH] hw/cxl: Fix out of bound array access
Date: Thu, 14 Sep 2023 14:59:00 +0200
User-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:102.0) Gecko/20100101 Thunderbird/102.15.0

On 14/9/23 14:38, Michael Tokarev wrote:
> 14.09.2023 15:37, Michael Tokarev:
>> 13.09.2023 13:10, Dmitry Frolov wrote:
>>> According to cxl_interleave_ways_enc(), fw->num_targets is allowed to be up
>>> to 16. This also corresponds to CXL specs. So, the fw->target_hbs[] array is
>>> iterated from 0 to 15. But it is statically declared of length 8. Thus, out
>>> of bound array access may occur.
>>>
>>> Fixes: c28db9e000 ("hw/pci-bridge: Make PCIe and CXL PXB Devices inherit from TYPE_PXB_DEV")
>>>
>>> Signed-off-by: Dmitry Frolov <frolov@swemel.ru>
>>
>> Reviewed-by: Michael Tokarev <mjt@tls.msk.ru>
>>
>> (with the extra empty line removed :)
>
> Also, Cc: qemu-stable@nongnu.org for stable-8.1.

[not related to this particular patch]

Maybe this can help if we specify the releases range as a comment
in the Cc tag, for example here:

  Cc: qemu-stable@nongnu.org # v8.1

and if it were a range:

  Cc: qemu-stable@nongnu.org # v6.2 to v8.0

Michael would that help? If so feel free to modify
docs/devel/stable-process.rst :)

Regards,

Phil.
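
Added example, not part of this message and not QEMU's code: a minimal C model of the mismatch the quoted commit message describes, where validation accepts up to 16 targets but the array holds 8. The struct layout, MAX_WAYS, ways_valid(), fw_set_targets() and fw_lookup() are hypothetical names, and the accepted set of target counts is an assumption.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical model of the bug class; names and layout are assumptions. */
#define MAX_WAYS 16  /* largest count the ways check lets through */
#define ARRAY_SIZE(a) (sizeof(a) / sizeof((a)[0]))

struct fixed_window {
    uint8_t num_targets;
    int target_hbs[MAX_WAYS];  /* sized from the same constant, not a literal 8 */
};

/* Build fails if the storage ever shrinks below what validation accepts. */
_Static_assert(ARRAY_SIZE(((struct fixed_window *)0)->target_hbs) >= MAX_WAYS,
               "target_hbs[] smaller than the largest accepted target count");

/* Assumed accepted set: power-of-two and 3/6/12-way interleave, max 16. */
static int ways_valid(size_t n)
{
    return n == 1 || n == 2 || n == 3 || n == 4 || n == 6 ||
           n == 8 || n == 12 || n == 16;
}

/* Store n targets; returns 0 on success, -1 if n is invalid or too large. */
int fw_set_targets(struct fixed_window *fw, const int *ids, size_t n)
{
    if (!ways_valid(n) || n > ARRAY_SIZE(fw->target_hbs))
        return -1;
    for (size_t i = 0; i < n; i++)
        fw->target_hbs[i] = ids[i];
    fw->num_targets = (uint8_t)n;
    return 0;
}

/* Bounded read: only indexes below num_targets are served. */
int fw_lookup(const struct fixed_window *fw, size_t idx)
{
    return idx < fw->num_targets ? fw->target_hbs[idx] : -1;
}

int main(void)
{
    int ids[17] = {0};  /* constructed sample input */
    struct fixed_window fw = {0};
    printf("16 targets: %d, 17 targets: %d\n",
           fw_set_targets(&fw, ids, 16), fw_set_targets(&fw, ids, 17));
    return 0;
}
```

Deriving the array length and the validator's maximum from one constant, with the static assertion as a backstop, keeps the two from drifting apart again.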