Home Esplora Aiuto
Registrati Accedi
FangSoftSoft
/
qemu
mirror da https://github.com/utmapp/qemu.git
2
0
Forka 0
File Problemi 0 Wiki
Sfoglia il codice sorgente

hw/cxl: Check the length of data requested fits in get_log()

Checking offset + length is of no relevance when verifying the CEL
data will fit in the mailbox payload. Only the length is is relevant.

Note that this removes a potential overflow.

Reported-by: Esifiel <esifiel@gmail.com>
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Message-Id: <20241101133917.27634-6-Jonathan.Cameron@huawei.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Jonathan Cameron 9 mesi fa
parent
a3995360ae
commit
f9f0fa2438
1 ha cambiato i file con 1 aggiunte e 1 eliminazioni
Visualizzazione separata Mostra Diff Stats
  1. 1 1
      hw/cxl/cxl-mailbox-utils.c

+ 1 - 1
hw/cxl/cxl-mailbox-utils.c
Vedi File 

@@ -947,7 +947,7 @@ static CXLRetCode cmd_logs_get_log(const struct cxl_cmd *cmd,
 
      * the only possible failure would be if the mailbox itself isn't big
 
      * enough.
 
      */
 
-    if (get_log->offset + get_log->length > cci->payload_max) {
 
+    if (get_log->length > cci->payload_max) {
 
         return CXL_MBOX_INVALID_INPUT;
 
     }