Mon, 7 Nov 2022 11:35:10 +0100, you wrote:
> Make sure to reset data_count if it's equal to (or exceeds) block_size.
> This prevents an off-by-one read / write when accessing s->fifo_buffer
> in sdhci_read_dataport / sdhci_write_dataport, both called right after
> sdhci_buff_access_is_sequential.
>
> Fixes: CVE-2022-3872
..

Has this been forgotten, or maybe a better fix is needed?

https://lists.nongnu.org/archive/html/qemu-devel/2022-11/msg01068.html

Thanks,

/mjt