Message ID | 20201015063824.212980-7-f4bug@amsat.org |
---|---|
State | New |
Headers | show |
Series | hw/sd/sdcard: Do not attempt to erase out of range addresses | expand |
diff --git a/hw/sd/sd.c b/hw/sd/sd.c index 4454d168e2f..c3febed2434 100644 --- a/hw/sd/sd.c +++ b/hw/sd/sd.c @@ -780,6 +780,7 @@ static void sd_erase(SDState *sd) sd->csd[14] |= 0x40; for (i = erase_start; i <= erase_end; i++) { + assert(i < sd->wpgrps_size); if (test_bit(i, sd->wp_groups)) { sd->card_status |= WP_ERASE_SKIP; } @@ -794,6 +795,7 @@ static uint32_t sd_wpbits(SDState *sd, uint64_t addr) wpnum = sd_addr_to_wpnum(addr); for (i = 0; i < 32; i++, wpnum++, addr += WPGROUP_SIZE) { + assert(wpnum < sd->wpgrps_size); if (addr < sd->size && test_bit(wpnum, sd->wp_groups)) { ret |= (1 << i); }
We can not have more group than 'wpgrps_size'. Assert if we are accessing a group above this limit. Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org> --- hw/sd/sd.c | 2 ++ 1 file changed, 2 insertions(+)