> On Jun 24, 2021, at 4:56 AM, Peter Maydell wrote:
>
> On Thu, 24 Jun 2021 at 11:27, Tom Yan wrote:
>> I really think we should get (/ have gotten) things clear first. What
>> exactly is the bug we have been talking about here? I mean like, where
>> does it occur and what's the nature of it.
On Thu, 24 Jun 2021 at 11:27, Tom Yan wrote:
> I really think we should get (/ have gotten) things clear first. What
> exactly is the bug we have been talking about here? I mean like, where
> does it occur and what's the nature of it.
>
> 1. Is it specific to a certain type / model of backend / ph
Hi,
On Thu, 24 Jun 2021 at 02:01, Philippe Mathieu-Daudé wrote:
>
> In commit a9bcedd15a5 ("hw/sd/sdcard: Do not allow invalid SD card
> sizes") we tried to protect us from CVE-2020-13253 by only allowing
> card with power-of-2 sizes. However doing so we disrupted valid user
> cases. As a comprom
On Wed, Jun 23, 2021 at 08:00:21PM +0200, Philippe Mathieu-Daudé wrote:
> In commit a9bcedd15a5 ("hw/sd/sdcard: Do not allow invalid SD card
> sizes") we tried to protect us from CVE-2020-13253 by only allowing
> card with power-of-2 sizes. However doing so we disrupted valid user
> cases. As a com
In commit a9bcedd15a5 ("hw/sd/sdcard: Do not allow invalid SD card
sizes") we tried to protect us from CVE-2020-13253 by only allowing
card with power-of-2 sizes. However doing so we disrupted valid user
cases. As a compromise, allow any card size, but warn only power of 2
sizes are supported, stil
