Re: [Qemu-devel] [PATCH v1 1/1] sdhci.c: Limit the maximum block size

2015-10-08 Thread Stefan Hajnoczi
On Tue, Oct 06, 2015 at 10:40:41AM -0700, Alistair Francis wrote: > It is possible for the guest to set an invalid block > size which is larger than the fifo_buffer[] array. This > could cause a buffer overflow. > > To avoid this, limit the maximum size of the blksize variable. > > Signed-off-by:

Re: [Qemu-devel] [PATCH v1 1/1] sdhci.c: Limit the maximum block size

2015-10-08 Thread Stefan Hajnoczi
On Tue, Oct 06, 2015 at 11:34:46AM -0700, Peter Crosthwaite wrote: > On Tue, Oct 6, 2015 at 10:40 AM, Alistair Francis > wrote: > > It is possible for the guest to set an invalid block > > size which is larger than the fifo_buffer[] array. This > > could cause a

Re: [Qemu-devel] [PATCH v1 1/1] sdhci.c: Limit the maximum block size

2015-10-08 Thread Alistair Francis
On Thu, Oct 8, 2015 at 2:49 AM, Stefan Hajnoczi wrote: > On Tue, Oct 06, 2015 at 11:34:46AM -0700, Peter Crosthwaite wrote: >> On Tue, Oct 6, 2015 at 10:40 AM, Alistair Francis >> wrote: >> > It is possible for the guest to set an invalid block >>

Re: [Qemu-devel] [PATCH v1 1/1] sdhci.c: Limit the maximum block size

2015-10-06 Thread Peter Crosthwaite
On Tue, Oct 6, 2015 at 10:40 AM, Alistair Francis wrote: > It is possible for the guest to set an invalid block > size which is larger than the fifo_buffer[] array. This > could cause a buffer overflow. > > To avoid this, limit the maximum size of the blksize variable.

[Qemu-devel] [PATCH v1 1/1] sdhci.c: Limit the maximum block size

2015-10-06 Thread Alistair Francis
It is possible for the guest to set an invalid block size which is larger than the fifo_buffer[] array. This could cause a buffer overflow.

To avoid this, limit the maximum size of the blksize variable.

Signed-off-by: Alistair Francis
Suggested-by: Igor Mitsyanko