Skip to content

Q
Qemu

mirror_resources / Qemu
12 个月 前同步成功

通知 4
Star 0
Fork 0
Q
Qemu

体验新版 GitCode,发现更多精彩内容 >>

提交 2067d39e 编写于 作者: K Kevin Wolf
浏览文件
操作

Revert "nvme: fix oob access issue(CVE-2018-16847)" 

This reverts commit 5e3c0220.
We have a better fix commited for this now.
Signed-off-by: NKevin Wolf <kwolf@redhat.com>
上级 87ad860c
隐藏空白更改
内联 并排
Showing with 0 addition and 7 deletion
hw/block/nvme.c
浏览文件 @ 2067d39e
...@@ -1177,10 +1177,6 @@ static void nvme_cmb_write(void *opaque, hwaddr addr, uint64_t data, ...@@ -1177,10 +1177,6 @@ static void nvme_cmb_write(void *opaque, hwaddr addr, uint64_t data,
unsigned size) unsigned size)
{ {
NvmeCtrl *n = (NvmeCtrl *)opaque; NvmeCtrl *n = (NvmeCtrl *)opaque;
if (addr + size > NVME_CMBSZ_GETSIZE(n->bar.cmbsz)) {
return;
}
memcpy(&n->cmbuf[addr], &data, size); memcpy(&n->cmbuf[addr], &data, size);
} }
...@@ -1189,9 +1185,6 @@ static uint64_t nvme_cmb_read(void *opaque, hwaddr addr, unsigned size) ...@@ -1189,9 +1185,6 @@ static uint64_t nvme_cmb_read(void *opaque, hwaddr addr, unsigned size)
uint64_t val; uint64_t val;
NvmeCtrl *n = (NvmeCtrl *)opaque; NvmeCtrl *n = (NvmeCtrl *)opaque;
if (addr + size > NVME_CMBSZ_GETSIZE(n->bar.cmbsz)) {
return 0;
}
memcpy(&val, &n->cmbuf[addr], size); memcpy(&val, &n->cmbuf[addr], size);
return val; return val;
} }
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册