haraldwolff/qemu-patch-raspberry4
1
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity

lan9118: fix a buffer overflow

Browse source 
Fix a buffer overflow, reported by cppcheck:
[/src/qemu/hw/lan9118.c:849]: (error) Buffer access out-of-bounds: s.eeprom

All eeprom handling code assumes that the size of eeprom is 128,
except lan9118_eeprom_cmd. Fix this by restricting the address passed.

Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
This commit is contained in:
Blue Swirl 2011-01-12 21:00:01 +00:00
parent f0ff243a16
commit c46a3ea025
1 changed files with 2 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
hw/lan9118.c
View file

@ -187,7 +187,7 @@ typedef struct {
uint32_t phy_int_mask;
int eeprom_writable;
uint8_t eeprom[8];
uint8_t eeprom[128];
int tx_fifo_size;
LAN9118Packet *txp;
@ -1003,7 +1003,7 @@ static void lan9118_writel(void *opaque, target_phys_addr_t offset,
s->afc_cfg = val & 0x00ffffff;
break;
case CSR_E2P_CMD:
lan9118_eeprom_cmd(s, (val >> 28) & 7, val & 0xff);
lan9118_eeprom_cmd(s, (val >> 28) & 7, val & 0x7f);
break;
case CSR_E2P_DATA:
s->e2p_data = val & 0xff;