On Mon, May 15, 2023, 16:49 Théo Maillart wrote:
> From my perspective r->buflen can be more than 16 bytes, The Block limits VPD
> page length is 0x3c (paragraph 5.4.5 page 475 from SCSI Commands Reference
> Manual, Rev. J).
>
Absolutely you're right. What a mess. :)
Paolo
> On Mon, May
From my perspective r->buflen can be more than 16 bytes, The Block limits VPD
page length is 0x3c (paragraph 5.4.5 page 475 from SCSI Commands Reference
Manual, Rev. J).
On Mon, May 15, 2023 at 3:58 PM Paolo Bonzini wrote:
>
> Using linux 6.x guest, at boot time, an inquiry on a scsi-generic
> d
Using linux 6.x guest, at boot time, an inquiry on a scsi-generic
device makes qemu crash. This is caused by a buffer overflow when
scsi-generic patches the block limits VPD page.
Do the operations on a temporary on-stack buffer that is guaranteed
to be large enough.
Reported-by: Théo Maillart
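The approach the commit message describes, combined with the point raised in the thread that the reply length is not fixed, as an added example (not QEMU's code and not the patch under discussion). The function and helper names are hypothetical; the field offsets (bytes 8-11 maximum transfer length, bytes 12-15 optimal transfer length) are the SBC Block Limits page layout, and the scratch buffer is sized from the 0x3c page length quoted above plus the 4-byte VPD header.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define BL_VPD_LEN (4 + 0x3c)   /* 4-byte VPD header + page length 0x3c */

static uint32_t be32_load(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

static void be32_store(uint8_t *p, uint32_t v)
{
    p[0] = (uint8_t)(v >> 24); p[1] = (uint8_t)(v >> 16);
    p[2] = (uint8_t)(v >> 8);  p[3] = (uint8_t)v;
}

/*
 * Clamp the transfer-length fields of a Block Limits VPD reply held in
 * buf[0..buflen). buflen comes from the guest's allocation length, so it
 * may end before or inside the fields, or extend past the page.
 * Returns the number of reply bytes rewritten.
 */
size_t patch_block_limits(uint8_t *buf, size_t buflen, uint32_t max_transfer)
{
    uint8_t tmp[BL_VPD_LEN] = {0};
    size_t used = buflen < sizeof(tmp) ? buflen : sizeof(tmp);
    uint32_t opt; size_t end;

    if (used <= 8) {
        return 0;               /* reply ends before the first field */
    }
    memcpy(tmp, buf, used);     /* bytes the reply lacks stay zero in tmp */

    be32_store(&tmp[8], max_transfer);
    opt = be32_load(&tmp[12]);  /* 0 means "not reported" */
    if (opt == 0 || (max_transfer != 0 && opt > max_transfer)) {
        opt = max_transfer;
    }
    be32_store(&tmp[12], opt);

    /* Write back bytes 8..15 only, and only those the reply really has. */
    end = used < 16 ? used : 16;
    memcpy(buf + 8, tmp + 8, end - 8);
    return end - 8;
}
```

All stores land in the fixed-size scratch buffer, so a short or oversized `buflen` changes only how many bytes are copied back, never where the field writes go.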