projects / qemu.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: cc6498e)
hw/core/sysbus: Assert memory region index is in range
authorPhilippe Mathieu-Daudé <f4bug@amsat.org>
Thu, 6 Aug 2020 13:09:45 +0000 (15:09 +0200)
committerLaurent Vivier <laurent@vivier.eu>
Tue, 1 Sep 2020 07:28:28 +0000 (09:28 +0200)
Devices incorrectly modelled might use invalid index while
calling sysbus_mmio_get_region(), leading to OOB access.
Help developers by asserting the index is in range.

Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20200806130945.21629-3-f4bug@amsat.org>
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
hw/core/sysbus.c patch | blob | history

diff --git a/hw/core/sysbus.c b/hw/core/sysbus.c
index 77ab351ce1a86861be368cabc7013d15d82fdb92..294f90b7deefa2629ba7cb8e7f8779f7065adfd0 100644 (file)
--- a/hw/core/sysbus.c
+++ b/hw/core/sysbus.c
@@ -199,6 +199,7 @@ void sysbus_init_mmio(SysBusDevice *dev, MemoryRegion *memory)
 
 MemoryRegion *sysbus_mmio_get_region(SysBusDevice *dev, int n)
 {
+    assert(n >= 0 && n < QDEV_MAX_MMIO);
     return dev->mmio[n].memory;
 }
 
Unnamed repository; edit this file 'description' to name the repository.