On Fri, Jan 25, 2013 at 05:58:38PM -0800, Peter Crosthwaite wrote:
> Default to moving back to the IDLE state after the COLLECTING_DATA
> state. For a well behaved guest this patch has no consequence, but
> a bad guest could crash QEMU by using one of the erase commands
> followed by a longer than 5 byte argument (undefined behaviour).
Applied it, thanks > > Signed-off-by: Peter Crosthwaite <peter.crosthwa...@xilinx.com> > --- > hw/m25p80.c | 2 ++ > 1 file changed, 2 insertions(+) > > diff --git a/hw/m25p80.c b/hw/m25p80.c > index ad9e800..16d4880 100644 > --- a/hw/m25p80.c > +++ b/hw/m25p80.c > @@ -359,6 +359,8 @@ static void complete_collecting_data(Flash *s) > s->cur_addr |= s->data[1] << 8; > s->cur_addr |= s->data[2]; > > + s->state = STATE_IDLE; > + > switch (s->cmd_in_progress) { > case DPP: > case QPP: > -- > 1.7.12.1.396.g16eed7c > >
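Review bot: the new `s->state = STATE_IDLE;` sits between the address assembly from `s->data[0..2]` and the `switch (s->cmd_in_progress)`, so every case that must remain in, or move to, a non-idle state now has to assign `s->state` itself after this point; a one-line comment above the assignment saying that IDLE is the default and that cases override it would make that contract explicit for anyone adding a new command later. Also worth noting in review: the hunk only changes the state transition, not the path that appends incoming bytes to `s->data`, so the "longer than 5 byte argument" case from the commit message is avoided for the erase commands because they no longer linger in COLLECTING_DATA, rather than because the collection itself is bounded; a bounds check where bytes are stored into `s->data` would close the same class of problem for any other command that fails to leave that state.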