OSDN Git Service

(root) / qmiga / qemu.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 102ce60) | patch
hw/block/nvme: fix ns attachment out-of-bounds read
authorKlaus Jensen <k.jensen@samsung.com>
Wed, 7 Apr 2021 04:54:34 +0000 (06:54 +0200)
committerKlaus Jensen <k.jensen@samsung.com>
Wed, 7 Apr 2021 08:48:32 +0000 (10:48 +0200)
commit8eb5c8069a5ccb8dadf35765b6f9cca10fb98b84
treeb4dad370abf0c6231bfbffa480c00364cef2b2actree | snapshot
parent102ce606fbfa72ce0f22d0320ae9bb8068091ddecommit | diff
hw/block/nvme: fix ns attachment out-of-bounds read

nvme_ns_attachment() does not verify the contents of the host-supplied
16 bit "Number of Identifiers" field in the command payload.

Make sure the value is capped at 2047 and fix the out-of-bounds read.

Fixes: 645ce1a70cb6 ("hw/block/nvme: support namespace attachment command")
Cc: Minwoo Im <minwoo.im.dev@gmail.com>
Signed-off-by: Klaus Jensen <k.jensen@samsung.com>
Reviewed-by: Minwoo Im <minwoo.im.dev@gmail.com>
hw/block/nvme.c diff | blob | history
About OSDN
Find Software
Develop Software
Help