motorhead/qemu
1
0
Fork 0
mirror of https://github.com/Motorhead1991/qemu.git synced 2025-07-27 12:23:53 -06:00
Code Issues Projects Releases Packages Wiki Activity Actions

hw/sd: fix out-of-bounds check for multi block reads

Browse source 
The current code checks if the next block exceeds the size of the card.
This generates an error while reading the last block of the card.
Do the out-of-bounds check when starting to read a new block to fix this.

This issue became visible with increased error checking in Linux 4.13.

Cc: qemu-stable@nongnu.org
Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
Reviewed-by: Alistair Francis <alistair.francis@xilinx.com>
Message-id: 20170916091611.10241-1-m.olbrich@pengutronix.de
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
This commit is contained in:
Michael Olbrich 2017-10-06 16:46:47 +01:00 committed by Peter Maydell
parent 77077a8300
commit 8573378e62
1 changed files with 6 additions and 6 deletions
Download patch file Download diff file Expand all files Collapse all files

12
hw/sd/sd.c
View file

@ -1797,8 +1797,13 @@ uint8_t sd_read_data(SDState *sd)
break;
case 18: /* CMD18: READ_MULTIPLE_BLOCK */
if (sd->data_offset == 0)
if (sd->data_offset == 0) {
if (sd->data_start + io_len > sd->size) {
sd->card_status |= ADDRESS_ERROR;
return 0x00;
}
BLK_READ_BLOCK(sd->data_start, io_len);
}
ret = sd->data[sd->data_offset ++];
if (sd->data_offset >= io_len) {
@ -1812,11 +1817,6 @@ uint8_t sd_read_data(SDState *sd)
break;
}
}
if (sd->data_start + io_len > sd->size) {
sd->card_status |= ADDRESS_ERROR;
break;
}
}
break;