Default to moving back to the IDLE state after the COLLECTING_DATA state. For a well-behaved guest this patch has no consequence, but a bad guest could crash QEMU by using one of the erase commands followed by a longer than 5 byte argument (undefined behaviour).
Signed-off-by: Peter Crosthwaite <peter.crosthwa...@xilinx.com> --- hw/m25p80.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/hw/m25p80.c b/hw/m25p80.c index ad9e800..16d4880 100644 --- a/hw/m25p80.c +++ b/hw/m25p80.c @@ -359,6 +359,8 @@ static void complete_collecting_data(Flash *s) s->cur_addr |= s->data[1] << 8; s->cur_addr |= s->data[2]; + s->state = STATE_IDLE; + switch (s->cmd_in_progress) { case DPP: case QPP: -- 1.7.12.1.396.g16eed7c
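Review bot: the unconditional `s->state = STATE_IDLE;` placed before the `switch (s->cmd_in_progress)` only works because the cases that need to keep collecting (e.g. `DPP`, `QPP`) reassign `s->state` afterwards; a one-line comment above the assignment saying that it is the default for every command the switch does not handle would stop a future change from moving it into a `default:` label or below the switch and silently reintroducing the bug. Since the commit message describes the crash as a guest supplying more than 5 argument bytes, it would also be worth adding a bounds check where `s->data` is filled so that the fix does not rely solely on the state machine returning to IDLE.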