qemu-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH] hw/cxl: Fix out of bound array access

From: Philippe Mathieu-Daudé
Subject: Re: [PATCH] hw/cxl: Fix out of bound array access
Date: Thu, 14 Sep 2023 14:59:00 +0200
User-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:102.0) Gecko/20100101 Thunderbird/102.15.0 
On 14/9/23 14:38, Michael Tokarev wrote:

14.09.2023 15:37, Michael Tokarev:

13.09.2023 13:10, Dmitry Frolov wrote:

According to cxl_interleave_ways_enc(),
fw->num_targets is allowed to be up to 16.
This also corresponds to CXL specs.
So, the fw->target_hbs[] array is iterated from 0 to 15.
But it is staticaly declared of length 8.
Thus, out of bound array access may occur.
Fixes: c28db9e000 ("hw/pci-bridge: Make PCIe and CXL PXB Devices inherit from TYPE_PXB_DEV") 

Signed-off-by: Dmitry Frolov <frolov@swemel.ru>


Reviewed-by: Michael Tokarev <mjt@tls.msk.ru>
(with the extra empty line removed :)


Also,

Cc: qemu-stable@nongnu.org

for stable-8.1.


[not related to this particular patch]

Maybe this can help if we specify the releases range as a comment
in the Cc tag, for example here:

Cc: qemu-stable@nongnu.org # v8.1

and if it were a range:

Cc: qemu-stable@nongnu.org # v6.2 to v8.0

Michael would that help? If so feel free to modify
docs/devel/stable-process.rst :)

Regards,

Phil.
reply via email to
[Prev in Thread] Current Thread [Next in Thread]