Re: [Qemu-devel] [PATCH 2/3] nvme: check size before memcpy

2018-10-26 Thread Paolo Bonzini
On 22/10/2018 14:14, P J P wrote:
> From: Prasad J Pandit
>
> While in nvme_mmio_read, memcpy could read past the 'n->bar'
> buffer, if addr offset was pointing towards its tail end.
> Add check to avoid OOB access.
>
> Reported-by: Caihongzhu
> Signed-off-by: Prasad J Pandit
> ---
> hw/block

[Qemu-devel] [PATCH 2/3] nvme: check size before memcpy

2018-10-22 Thread P J P
From: Prasad J Pandit

While in nvme_mmio_read, memcpy could read past the 'n->bar'
buffer, if addr offset was pointing towards its tail end.
Add check to avoid OOB access.

Reported-by: Caihongzhu
Signed-off-by: Prasad J Pandit
---
hw/block/nvme.c | 2 +-
1 file changed, 1 insertion(+), 1 dele