On Mon, Jul 07, 2014 at 02:17:58PM -0400, John Snow wrote:
> +static void ahci_write_fis_pio(AHCIDevice *ad, uint16_t len)
> +{
> +    AHCIPortRegs *pr = &ad->port_regs;
> +    uint8_t *pio_fis, *cmd_fis;
> +    uint64_t tbl_addr;
> +    dma_addr_t cmd_len = 0x80;
> +
> +    if (!ad->res_fis || !(pr->cmd & PORT_CMD_FIS_RX)) {
> +        return;
> +    }
> +
> +    /* map cmd_fis */
> +    tbl_addr = le64_to_cpu(ad->cur_cmd->tbl_addr);
> +    cmd_fis = dma_memory_map(ad->hba->as, tbl_addr, &cmd_len,
> +                             DMA_DIRECTION_TO_DEVICE);
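
Review bot: The dma_memory_map() call that ends this hunk needs its result validated before cmd_fis is dereferenced, because tbl_addr is taken straight from ad->cur_cmd->tbl_addr and the mapping is not guaranteed to succeed or to cover the full request. cmd_len is an in/out argument, so after the call the function should return early (unmapping any partial mapping) unless cmd_fis is non-NULL and cmd_len is still 0x80. Replacing the bare 0x80 with a named constant would make that comparison self-explanatory.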

We should check cmd_len == 0x80 and cmd_fis != NULL to avoid undefined
behavior when accessing cmd_fis.
