Alistair Francis 9201bb9a8c sdhci.c: Limit the maximum block size ...

It is possible for the guest to set an invalid block
size which is larger then the fifo_buffer[] array. This
could cause a buffer overflow.

To avoid this limit the maximum size of the blksize variable.

Signed-off-by: Alistair Francis <alistair.francis@xilinx.com>
Reported-by: Intel Security ATR <secure@intel.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Peter Crosthwaite <crosthwaite.peter@gmail.com>
Message-id: abe4c51f513290bbb85d1ee271cb1a3d463d7561.1444067470.git.alistair.francis@xilinx.com
Suggested-by: Igor Mitsyanko <i.mitsyanko@gmail.com>
Reported-by: Intel Security ATR <secure@intel.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>

2015-10-12 11:17:45 +01:00

..

Makefile.objs

hw: move SD/MMC devices to hw/sd/, configure with default-configs/

2013-04-08 18:13:14 +02:00

milkymist-memcard.c

sysbus: Make devices picking up backends unavailable with -device

2015-04-02 15:30:44 +02:00

omap_mmc.c

arm: Use g_new() & friends where that makes obvious sense

2015-09-07 10:39:27 +01:00

pl181.c

typofixes - v4

2015-09-11 10:45:43 +03:00

pxa2xx_mmci.c

hw/sd/pxa2xx_mmci: Stop using old_mmio in MemoryRegionOps

2015-06-15 18:06:09 +01:00

sd.c

sdhci: Pass drive parameter to sdhci-pci via qdev property

2015-10-12 09:21:10 +01:00

sdhci.c

sdhci.c: Limit the maximum block size

2015-10-12 11:17:45 +01:00

sdhci.h

sdhci: Pass drive parameter to sdhci-pci via qdev property

2015-10-12 09:21:10 +01:00

ssi-sd.c

hw: Mark devices picking up block backends actively FIXME

2015-04-02 15:26:27 +02:00