dfaggioli/qemu
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
factory
qemu/hw/misc
History
Jamin Lin df9168b019 hw/misc/aspeed_hace: Fix buffer overflow in has_padding function 
The maximum padding size is either 64 or 128 bytes and should always be smaller
than "req_len". If "padding_size" exceeds "req_len", then
"req_len - padding_size" underflows due to "uint32_t" data type, leading to a
large incorrect value (e.g., `0xFFXXXXXX`). This causes an out-of-bounds memory
access, potentially leading to a buffer overflow.

Added a check to ensure "padding_size" does not exceed "req_len" before
computing "pad_offset". This prevents "req_len - padding_size" from underflowing
and avoids accessing invalid memory.

Signed-off-by: Jamin Lin <jamin_lin@aspeedtech.com>
Reviewed-by: Cédric Le Goater <clg@redhat.com>
Fixes: 5cd7d8564a ("aspeed/hace: Support AST2600 HACE ")
Link: https://lore.kernel.org/qemu-devel/20250321092623.2097234-3-jamin_lin@aspeedtech.com
Signed-off-by: Cédric Le Goater <clg@redhat.com>
(cherry picked from commit 78877b2e06)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2025-03-24 23:49:55 +03:00
..
macio
hw: Use device_class_set_legacy_reset() instead of opencoding
2024-09-13 15:31:44 +01:00
a9scu.c
hw: Use device_class_set_legacy_reset() instead of opencoding
2024-09-13 15:31:44 +01:00
allwinner-a10-ccm.c
hw/misc: Constify VMState
2023-12-30 07:38:06 +11:00
allwinner-a10-dramc.c
hw/misc: Constify VMState
2023-12-30 07:38:06 +11:00
allwinner-cpucfg.c
hw: Use device_class_set_legacy_reset() instead of opencoding
2024-09-13 15:31:44 +01:00
allwinner-h3-ccu.c
hw: Use device_class_set_legacy_reset() instead of opencoding
2024-09-13 15:31:44 +01:00
allwinner-h3-dramc.c
hw: Use device_class_set_legacy_reset() instead of opencoding
2024-09-13 15:31:44 +01:00
allwinner-h3-sysctrl.c
hw: Use device_class_set_legacy_reset() instead of opencoding
2024-09-13 15:31:44 +01:00
allwinner-r40-ccu.c
hw: Use device_class_set_legacy_reset() instead of opencoding
2024-09-13 15:31:44 +01:00
allwinner-r40-dramc.c
hw: Use device_class_set_legacy_reset() instead of opencoding
2024-09-13 15:31:44 +01:00
allwinner-sid.c
hw: Use device_class_set_legacy_reset() instead of opencoding
2024-09-13 15:31:44 +01:00
allwinner-sramc.c
hw: Use device_class_set_legacy_reset() instead of opencoding
2024-09-13 15:31:44 +01:00
applesmc.c
hw: Use device_class_set_legacy_reset() instead of opencoding
2024-09-13 15:31:44 +01:00
arm11scu.c
qdev: set properties with device_class_set_props()
2020-01-24 20:59:15 +01:00
arm_integrator_debug.c
arm: Update infocenter.arm.com URLs
2021-02-11 11:50:14 +00:00
arm_l2x0.c
hw: Use device_class_set_legacy_reset() instead of opencoding
2024-09-13 15:31:44 +01:00
arm_sysctl.c
hw: Use device_class_set_legacy_reset() instead of opencoding
2024-09-13 15:31:44 +01:00
armsse-cpu-pwrctrl.c
hw: Use device_class_set_legacy_reset() instead of opencoding
2024-09-13 15:31:44 +01:00
armsse-cpuid.c
hw/arm/mps2: Update old infocenter.arm.com URLs
2021-03-08 11:54:16 +00:00
armsse-mhu.c
hw: Use device_class_set_legacy_reset() instead of opencoding
2024-09-13 15:31:44 +01:00
armv7m_ras.c
arm: Move M-profile RAS register block into its own device
2021-09-01 11:08:18 +01:00
aspeed_hace.c
hw/misc/aspeed_hace: Fix buffer overflow in has_padding function
2025-03-24 23:49:55 +03:00
aspeed_i3c.c
hw: Use device_class_set_legacy_reset() instead of opencoding
2024-09-13 15:31:44 +01:00
aspeed_lpc.c
hw: Use device_class_set_legacy_reset() instead of opencoding
2024-09-13 15:31:44 +01:00
aspeed_peci.c
hw: Use device_class_set_legacy_reset() instead of opencoding
2024-09-13 15:31:44 +01:00
aspeed_sbc.c
hw: Use device_class_set_legacy_reset() instead of opencoding
2024-09-13 15:31:44 +01:00
aspeed_scu.c
hw: Use device_class_set_legacy_reset() instead of opencoding
2024-09-13 15:31:44 +01:00
aspeed_sdmc.c
hw: Use device_class_set_legacy_reset() instead of opencoding
2024-09-13 15:31:44 +01:00
aspeed_sli.c
aspeed/sli: Add AST2700 support
2024-06-16 21:08:54 +02:00
aspeed_xdma.c
hw: Use device_class_set_legacy_reset() instead of opencoding
2024-09-13 15:31:44 +01:00
auxbus.c
bulk: Rename TARGET_FMT_plx -> HWADDR_FMT_plx
2023-01-18 11:14:34 +01:00
avr_power.c
hw: Use device_class_set_legacy_reset() instead of opencoding
2024-09-13 15:31:44 +01:00
axp2xx.c
hw/misc: Constify VMState
2023-12-30 07:38:06 +11:00
bcm2835_cprman.c
hw: Use device_class_set_legacy_reset() instead of opencoding
2024-09-13 15:31:44 +01:00
bcm2835_mbox.c
hw: Use device_class_set_legacy_reset() instead of opencoding
2024-09-13 15:31:44 +01:00
bcm2835_mphi.c
hw: Use device_class_set_legacy_reset() instead of opencoding
2024-09-13 15:31:44 +01:00
bcm2835_powermgt.c
hw: Use device_class_set_legacy_reset() instead of opencoding
2024-09-13 15:31:44 +01:00
bcm2835_property.c
hw/misc/bcm2835_property: Reduce scope of variables in mbox push function
2024-07-29 16:55:59 +01:00
bcm2835_rng.c
hw: Use device_class_set_legacy_reset() instead of opencoding
2024-09-13 15:31:44 +01:00
bcm2835_thermal.c
hw: Use device_class_set_legacy_reset() instead of opencoding
2024-09-13 15:31:44 +01:00
debugexit.c
hw/misc/debugexit: use runstate API instead of plain exit()
2024-06-04 11:53:43 +02:00
djmemc.c
hw, target: Add ResetType argument to hold and exit phase methods
2024-04-25 10:21:06 +01:00
eccmemctl.c
hw: Use device_class_set_legacy_reset() instead of opencoding
2024-09-13 15:31:44 +01:00
edu.c
Remove inclusion of hw/hw.h from files that don't need it
2024-07-02 06:58:48 +02:00
empty_slot.c
Use OBJECT_DECLARE_SIMPLE_TYPE when possible
2020-09-18 14:12:32 -04:00
exynos4210_clk.c
hw: Use device_class_set_legacy_reset() instead of opencoding
2024-09-13 15:31:44 +01:00
exynos4210_pmu.c
hw: Use device_class_set_legacy_reset() instead of opencoding
2024-09-13 15:31:44 +01:00
exynos4210_rng.c
hw: Use device_class_set_legacy_reset() instead of opencoding
2024-09-13 15:31:44 +01:00
grlib_ahb_apb_pnp.c
hw/misc/grlib_ahb_apb_pnp: Support 8 and 16 bit accesses
2022-08-08 23:43:11 +02:00
i2c-echo.c
hw/misc/i2c-echo: add copyright/license note
2023-10-12 14:11:44 +02:00
imx6_ccm.c
hw/misc: remove break after g_assert_not_reached()
2024-09-13 20:12:16 +02:00
imx6_src.c
hw: Use device_class_set_legacy_reset() instead of opencoding
2024-09-13 15:31:44 +01:00
imx6ul_ccm.c
hw: Use device_class_set_legacy_reset() instead of opencoding
2024-09-13 15:31:44 +01:00
imx7_ccm.c
hw: Use device_class_set_legacy_reset() instead of opencoding
2024-09-13 15:31:44 +01:00
imx7_gpr.c
Clean up inclusion of sysemu/sysemu.h
2019-08-16 13:31:53 +02:00
imx7_snvs.c
hw: Use device_class_set_legacy_reset() instead of opencoding
2024-09-13 15:31:44 +01:00
imx7_src.c
hw: Use device_class_set_legacy_reset() instead of opencoding
2024-09-13 15:31:44 +01:00
imx25_ccm.c
hw: Use device_class_set_legacy_reset() instead of opencoding
2024-09-13 15:31:44 +01:00
imx31_ccm.c
hw: Use device_class_set_legacy_reset() instead of opencoding
2024-09-13 15:31:44 +01:00
imx_ccm.c
hw: Do not include qemu/log.h if it is not necessary
2021-05-02 17:24:50 +02:00
imx_rngc.c
hw: Use device_class_set_legacy_reset() instead of opencoding
2024-09-13 15:31:44 +01:00
iosb.c
hw, target: Add ResetType argument to hold and exit phase methods
2024-04-25 10:21:06 +01:00
iotkit-secctl.c
hw: Use device_class_set_legacy_reset() instead of opencoding
2024-09-13 15:31:44 +01:00
iotkit-sysctl.c
hw: Use device_class_set_legacy_reset() instead of opencoding
2024-09-13 15:31:44 +01:00
iotkit-sysinfo.c
hw/misc/iotkit-sysinfo.c: Implement SYS_CONFIG1 and IIDR
2021-03-08 17:20:01 +00:00
ivshmem.c
hw: Use device_class_set_legacy_reset() instead of opencoding
2024-09-13 15:31:44 +01:00
Kconfig
hw/block: Remove ecc
2024-10-15 15:16:17 +01:00
lasi.c
hw: Use device_class_set_legacy_reset() instead of opencoding
2024-09-13 15:31:44 +01:00
led.c
hw: Use device_class_set_legacy_reset() instead of opencoding
2024-09-13 15:31:44 +01:00
mac_via.c
hw/misc: remove break after g_assert_not_reached()
2024-09-13 20:12:16 +02:00
mchp_pfsoc_dmc.c
hw: Remove superfluous includes of hw/hw.h
2021-05-02 17:24:50 +02:00
mchp_pfsoc_ioscb.c
hw/{misc, riscv}: pfsoc: add system controller as unimplemented
2023-01-06 10:42:55 +10:00
mchp_pfsoc_sysreg.c
hw/{misc, riscv}: pfsoc: add system controller as unimplemented
2023-01-06 10:42:55 +10:00
meson.build
hw/misc/stm32_rcc: Implement RCC device for STM32F4 SoCs
2024-10-15 11:29:45 +01:00
mips_cmgcr.c
hw: Use device_class_set_legacy_reset() instead of opencoding
2024-09-13 15:31:44 +01:00
mips_cpc.c
hw: Use device_class_set_legacy_reset() instead of opencoding
2024-09-13 15:31:44 +01:00
mips_itu.c
hw: Use device_class_set_legacy_reset() instead of opencoding
2024-09-13 15:31:44 +01:00
mos6522.c
hw, target: Add ResetType argument to hold and exit phase methods
2024-04-25 10:21:06 +01:00
mps2-fpgaio.c
hw: Use device_class_set_legacy_reset() instead of opencoding
2024-09-13 15:31:44 +01:00
mps2-scc.c
hw: Use device_class_set_legacy_reset() instead of opencoding
2024-09-13 15:31:44 +01:00
msf2-sysreg.c
hw: Use device_class_set_legacy_reset() instead of opencoding
2024-09-13 15:31:44 +01:00
npcm7xx_clk.c
hw/misc: Don't special case RESET_TYPE_COLD in npcm7xx_clk, gcr
2024-04-25 10:21:06 +01:00
npcm7xx_gcr.c
hw/misc: Don't special case RESET_TYPE_COLD in npcm7xx_clk, gcr
2024-04-25 10:21:06 +01:00
npcm7xx_mft.c
hw, target: Add ResetType argument to hold and exit phase methods
2024-04-25 10:21:06 +01:00
npcm7xx_pwm.c
hw, target: Add ResetType argument to hold and exit phase methods
2024-04-25 10:21:06 +01:00
npcm7xx_rng.c
hw/misc: Constify VMState
2023-12-30 07:38:06 +11:00
nrf51_rng.c
hw/misc/nrf51_rng: Don't use BIT_MASK() when we mean BIT()
2024-11-18 13:36:39 +01:00
omap_clk.c
hw/misc/omap_clk: Remove OMAP2-specifics
2024-10-01 14:57:55 +01:00
pc-testdev.c
Use OBJECT_DECLARE_SIMPLE_TYPE when possible
2020-09-18 14:12:32 -04:00
pci-testdev.c
hw: Use device_class_set_legacy_reset() instead of opencoding
2024-09-13 15:31:44 +01:00
pvpanic-isa.c
hw/misc/pvpanic: centralize definition of supported events
2024-07-01 17:16:04 -04:00
pvpanic-pci.c
hw/misc/pvpanic: centralize definition of supported events
2024-07-01 17:16:04 -04:00
pvpanic.c
hw/misc/pvpanic: add support for normal shutdowns
2024-07-01 17:16:04 -04:00
sbsa_ec.c
hw/misc/sbsa_ec: Declare QOM macros using OBJECT_DECLARE_SIMPLE_TYPE()
2023-01-12 17:15:09 +00:00
sifive_e_aon.c
hw: Use device_class_set_legacy_reset() instead of opencoding
2024-09-13 15:31:44 +01:00
sifive_e_prci.c
hw: Remove superfluous includes of hw/hw.h
2021-05-02 17:24:50 +02:00
sifive_test.c
hw/misc/sifive_test.c: replace exit calls with proper shutdown
2023-10-12 12:34:30 +10:00
sifive_u_otp.c
hw/misc/sifive_u_otp: Remove the deprecated OTP config with '-drive if=none'
2023-01-26 13:25:07 +01:00
sifive_u_prci.c
hw: Use device_class_set_legacy_reset() instead of opencoding
2024-09-13 15:31:44 +01:00
slavio_misc.c
hw: Use device_class_set_legacy_reset() instead of opencoding
2024-09-13 15:31:44 +01:00
stm32_rcc.c
hw/misc/stm32_rcc: Implement RCC device for STM32F4 SoCs
2024-10-15 11:29:45 +01:00
stm32f2xx_syscfg.c
hw: Use device_class_set_legacy_reset() instead of opencoding
2024-09-13 15:31:44 +01:00
stm32f4xx_exti.c
hw: Use device_class_set_legacy_reset() instead of opencoding
2024-09-13 15:31:44 +01:00
stm32f4xx_syscfg.c
hw: Use device_class_set_legacy_reset() instead of opencoding
2024-09-13 15:31:44 +01:00
stm32l4x5_exti.c
hw/misc: In STM32L4x5 EXTI, handle direct interrupts
2024-07-11 11:41:34 +01:00
stm32l4x5_rcc.c
hw/misc/stm32l4x5_rcc: Add validation for MCOPRE and MCOSEL values
2024-08-13 11:34:56 +01:00
stm32l4x5_syscfg.c
hw/misc: Create STM32L4x5 SYSCFG clock
2024-10-15 11:29:45 +01:00
trace-events
hw/misc/stm32_rcc: Implement RCC device for STM32F4 SoCs
2024-10-15 11:29:45 +01:00
trace.h
trace: switch position of headers to what Meson requires
2020-08-21 06:18:24 -04:00
tz-mpc.c
hw: Use device_class_set_legacy_reset() instead of opencoding
2024-09-13 15:31:44 +01:00
tz-msc.c
hw: Use device_class_set_legacy_reset() instead of opencoding
2024-09-13 15:31:44 +01:00
tz-ppc.c
hw: Use device_class_set_legacy_reset() instead of opencoding
2024-09-13 15:31:44 +01:00
unimp.c
hw/misc/unimp: Display the offset with width of the region size
2020-08-28 10:02:46 +01:00
virt_ctrl.c
hw: Use device_class_set_legacy_reset() instead of opencoding
2024-09-13 15:31:44 +01:00
vmcoreinfo.c
hw/misc: Constify VMState
2023-12-30 07:38:06 +11:00
xlnx-cfi-if.c
hw/misc: Introduce the Xilinx CFI interface
2023-09-08 16:41:34 +01:00
xlnx-versal-cframe-reg.c
hw, target: Add ResetType argument to hold and exit phase methods
2024-04-25 10:21:06 +01:00
xlnx-versal-cfu.c
hw: Use device_class_set_legacy_reset() instead of opencoding
2024-09-13 15:31:44 +01:00
xlnx-versal-crl.c
hw, target: Add ResetType argument to hold and exit phase methods
2024-04-25 10:21:06 +01:00
xlnx-versal-pmc-iou-slcr.c
hw, target: Add ResetType argument to hold and exit phase methods
2024-04-25 10:21:06 +01:00
xlnx-versal-trng.c
hw/misc/xlnx-versal-trng: Call register_finalize_block
2024-09-05 13:12:36 +01:00
xlnx-versal-xramc.c
hw, target: Add ResetType argument to hold and exit phase methods
2024-04-25 10:21:06 +01:00
xlnx-zynqmp-apu-ctrl.c
hw, target: Add ResetType argument to hold and exit phase methods
2024-04-25 10:21:06 +01:00
xlnx-zynqmp-crf.c
hw, target: Add ResetType argument to hold and exit phase methods
2024-04-25 10:21:06 +01:00
zynq_slcr.c
hw/misc/zynq_slcr: Add boot-mode property
2024-07-01 15:40:54 +01:00