On Tue, Oct 06, 2015 at 10:40:41AM -0700, Alistair Francis wrote:
> It is possible for the guest to set an invalid block
> size which is larger than the fifo_buffer[] array. This
> could cause a buffer overflow.
>
> To avoid this, limit the maximum size of the blksize variable.
>
> Signed-off-by: Alistair Francis <alistair.fran...@xilinx.com>
> Suggested-by: Igor Mitsyanko <i.mitsya...@gmail.com>
> Reported-by: Intel Security ATR <sec...@intel.com>
> Reviewed-by: Stefan Hajnoczi <stefa...@redhat.com>
> ---
>
>  hw/sd/sdhci.c | 10 ++++++++++
>  1 file changed, 10 insertions(+)

Thanks, applied to my block tree:
https://github.com/stefanha/qemu/commits/block

Stefan
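
The class of bug described in the commit message, as an added example that is not part of the thread and is not the QEMU patch: a guest-writable size register bounded only by its field width, next to the same write clamped to the buffer capacity. The struct, the function names, FIFO_LEN and BLKSIZE_MASK are hypothetical values chosen for the illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define FIFO_LEN     512u    /* assumed FIFO capacity, not QEMU's value */
#define BLKSIZE_MASK 0x0FFFu /* assumed width of the guest-writable field */

struct toy_sdhc {                   /* hypothetical device state */
    uint16_t blksize;               /* block size programmed by the guest */
    uint8_t  fifo_buffer[FIFO_LEN]; /* staging buffer for one block */
};

/* Register write. clamp=0 is the unsafe pattern: field width is the only bound. */
static void blksize_write(struct toy_sdhc *s, uint32_t val, int clamp) {
    uint32_t size = val & BLKSIZE_MASK;
    if (clamp && size > FIFO_LEN)
        size = FIFO_LEN;            /* the fix: bound by buffer capacity */
    s->blksize = (uint16_t)size;
}

/* Data path with its own check: refuse a size the FIFO cannot hold. */
static int fifo_fill_block(struct toy_sdhc *s, const uint8_t *src, size_t len) {
    size_t n = s->blksize;
    if (n > sizeof(s->fifo_buffer) || n > len)
        return -1;
    memcpy(s->fifo_buffer, src, n);
    return (int)n;
}

/* Bytes an unchecked blksize-long copy would write past fifo_buffer[]. */
static size_t demo_overrun(uint32_t guest_val, int clamp) {
    struct toy_sdhc s = {0};
    blksize_write(&s, guest_val, clamp);
    return s.blksize > FIFO_LEN ? (size_t)s.blksize - FIFO_LEN : 0;
}

/* Result of the checked fill after the same register write. */
static int demo_fill(uint32_t guest_val, int clamp) {
    static const uint8_t src[BLKSIZE_MASK] = {0}; /* constructed block data */
    struct toy_sdhc s = {0};
    blksize_write(&s, guest_val, clamp);
    return fifo_fill_block(&s, src, sizeof(src));
}

int main(void) {
    printf("overrun %zu -> %zu, fill %d -> %d\n", demo_overrun(0xFFF, 0),
           demo_overrun(0xFFF, 1), demo_fill(0xFFF, 0), demo_fill(0xFFF, 1));
    return 0;
}
```

Clamping at the register write keeps every later consumer of blksize within bounds; the check in the data path is a second layer for any code path that sets the field another way.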