提交 0d093159 编写于 作者: P Paolo Bonzini 提交者: Michael Roth

vt82c686: avoid out-of-bounds read

superio_ioport_readb can read the 256th element of the array.
Coverity reports an out-of-bounds write in superio_ioport_writeb,
but it does not show the corresponding out-of-bounds read
because it cannot prove that it can happen.  Fix the root
cause of the problem (zhanghailang's patch instead fixes
the logic in superio_ioport_writeb).
Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Nzhanghailiang <zhang.zhanghailiang@huawei.com>
Signed-off-by: NMichael Tokarev <mjt@tls.msk.ru>
Cc: qemu-stable@nongnu.org
(cherry picked from commit 9feb8ade)
Signed-off-by: NMichael Roth <mdroth@linux.vnet.ibm.com>
上级 8d1fdb16
...@@ -36,7 +36,7 @@ ...@@ -36,7 +36,7 @@
typedef struct SuperIOConfig typedef struct SuperIOConfig
{ {
uint8_t config[0xff]; uint8_t config[0x100];
uint8_t index; uint8_t index;
uint8_t data; uint8_t data;
} SuperIOConfig; } SuperIOConfig;
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册