From patchwork Thu Nov 15 19:24:38 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Corey Minyard X-Patchwork-Id: 151239 Delivered-To: patch@linaro.org Received: by 2002:a2e:299d:0:0:0:0:0 with SMTP id p29-v6csp7398842ljp; Thu, 15 Nov 2018 11:25:45 -0800 (PST) X-Google-Smtp-Source: AJdET5fZZr9f+CXdwjGxOSx9mg2iSLM1XeUVYbm1Aws5wXzIpOyXsbwhMR9R4pPC58EuUpmhcP58 X-Received: by 2002:a0c:d4f9:: with SMTP id y54mr7443094qvh.98.1542309944649; Thu, 15 Nov 2018 11:25:44 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1542309944; cv=none; d=google.com; s=arc-20160816; b=N/pDRWK/UEe8RDHTsIWGYwaUbj3TMc9BmFW6RgU1L7PPwlOjaklVFGbYUDpw7ZsPVD V9XwSn+JXhBJP41Vh2yCDlNSDjqG/cERPXlTMpKJ0NwfOdpca50Fgz40uw1jIOK29qes 7DKTQ/DH+mhcYUIUBVaDBw9o3bU3KQ369AkARwrQeMKA9pvjKWEdF0kqOVTZcFchCsFA Nfm1mHtlMRgSTo2Cq/nKPGyDO/yxpbYkgXqpxiH9d4YWYiPr+uQNDErJh5dmzPtvUoWw t+ggH2Wjg/qhPh3hnc0x/IUYlam6jcLOzbFQIKyatTcMUZEC1zME4BeHoJqOmZA79wJh 0dwg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:cc:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:subject:references:in-reply-to :message-id:date:to:from:dkim-signature; bh=m+ciRRszxYVWkCTsBVDVcjkGQCHvD6rDYfYPBrwDZiU=; b=zeWiRcPIdwAFhFoAKRhSy3EPUn8JSFi8p6pkFIaWiS1I1OX+MJS2dc2R01N4fXqdhR 9CrvQbMZd8BQxnJWWngzvqm+sn6iwCsd5DxI4ED7xYdIrXHQ6skeiCqpraof/dtfUz5A hf31+7BocH5ewUkIn/EOl6t3P4wk+UsVTwtUtFjvtBdCac4lqoLeOTpEB14Wss68GJ7s tuEMBUnSs2Oq/UR5OK/JNA85wZ3oQSQfQYdHJUMlaHcSnGMl1k992HEQcLK5Pqtu4Kk3 hy/jHEAh2DQXJF8kjyvuG2azAu7lYWI5kjtSDvjbPW7RzMciURjVn15f6sH9dQv7E/t5 wenQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=fail header.i=@gmail.com header.s=20161025 header.b=kq8FlDiw; spf=pass (google.com: domain of qemu-devel-bounces+patch=linaro.org@nongnu.org designates 2001:4830:134:3::11 as permitted sender) smtp.mailfrom="qemu-devel-bounces+patch=linaro.org@nongnu.org" Return-Path: Received: from lists.gnu.org (lists.gnu.org. [2001:4830:134:3::11]) by mx.google.com with ESMTPS id q12si10828091qtl.33.2018.11.15.11.25.44 for (version=TLS1 cipher=AES128-SHA bits=128/128); Thu, 15 Nov 2018 11:25:44 -0800 (PST) Received-SPF: pass (google.com: domain of qemu-devel-bounces+patch=linaro.org@nongnu.org designates 2001:4830:134:3::11 as permitted sender) client-ip=2001:4830:134:3::11; Authentication-Results: mx.google.com; dkim=fail header.i=@gmail.com header.s=20161025 header.b=kq8FlDiw; spf=pass (google.com: domain of qemu-devel-bounces+patch=linaro.org@nongnu.org designates 2001:4830:134:3::11 as permitted sender) smtp.mailfrom="qemu-devel-bounces+patch=linaro.org@nongnu.org" Received: from localhost ([::1]:40436 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1gNNGp-0003a9-Sr for patch@linaro.org; Thu, 15 Nov 2018 14:25:43 -0500 Received: from eggs.gnu.org ([2001:4830:134:3::10]:56161) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1gNNGF-0003Ro-Ff for qemu-devel@nongnu.org; Thu, 15 Nov 2018 14:25:16 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1gNNG4-0007zi-18 for qemu-devel@nongnu.org; Thu, 15 Nov 2018 14:25:07 -0500 Received: from mail-ot1-x341.google.com ([2607:f8b0:4864:20::341]:33275) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1gNNG3-0007zP-Ou for qemu-devel@nongnu.org; Thu, 15 Nov 2018 14:24:55 -0500 Received: by mail-ot1-x341.google.com with SMTP id i20so12635634otl.0 for ; Thu, 15 Nov 2018 11:24:55 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=sender:from:to:cc:subject:date:message-id:in-reply-to:references; bh=m+ciRRszxYVWkCTsBVDVcjkGQCHvD6rDYfYPBrwDZiU=; b=kq8FlDiw3M2PZD+SpP1qRPEOkBAp7t30zzkWP+HqvJXv31/m/8fOHa/h9x5BTYcvg/ Mu6pSrE3cjesaat1zXDFWK5XN4YAM4GmefAVvwI47A03cRctoRxRd+B9k4OePMOMwpI4 dCsXk3npwCOM5M5HczuJSaSvfqri3YUJQbZFfi1fZYjVXFm3kaaDgLNSWjORCYOuRKTz 8j9cadBpxWuCMiwtGsDdM1N35wjZxgftLUqjQHmbNQziw3FEmbe1LVd756tMJRYRVoZO zp7014IE64ozZQHKMEbahhGH8Yq51DxjsIhfU26bcYMgEOOMBo3rnwti+rsKTlnrGJJg uBJw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:sender:from:to:cc:subject:date:message-id :in-reply-to:references; bh=m+ciRRszxYVWkCTsBVDVcjkGQCHvD6rDYfYPBrwDZiU=; b=Q0A0e0/ZKzQZ/H5hrD5g9mNCjKmF7FIj14vpYms9W/MwpurK7Sy0/i3NDmoAmSU8dZ UQ7Bj8HXqTSgv2ib0Z7/1nzHdZcNmsDa0RUORiwQ2Qm7r8MI0kH5i6FSmWzpCdonnOU3 n4ZRDED/cEBzLW5RZ1nU0gOR6ps19P+rMw5xRCcc1nFtKa/ypwV++ZrL0peC2BXsveR8 mhYnL4dI/F/nZfx7LiKZJwnZtC12kmBKQIncws1PHH0SnRpAni5CHlo5W9kgBo9lvsg/ F/X2Ry/1eewEVQdgp7IispIx/JKoN0kqStvXiMY5chwu8XSFnI5oCet73jwcLol2YfFv DCNA== X-Gm-Message-State: AGRZ1gLUZkX/sXBAWwZbyYMYjSi4nNUlrxJnU0R4E/ugZFnf/CzWrbkH SN1Igr32RIu+zTR5M4YT5lZvsZo= X-Received: by 2002:a9d:38d6:: with SMTP id k22mr4685380ote.77.1542309894944; Thu, 15 Nov 2018 11:24:54 -0800 (PST) Received: from serve.minyard.net ([47.184.128.64]) by smtp.gmail.com with ESMTPSA id p189-v6sm3454125oif.19.2018.11.15.11.24.52 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Thu, 15 Nov 2018 11:24:53 -0800 (PST) Received: from t430.minyard.net (t430m.minyard.net [192.168.27.3]) by serve.minyard.net (Postfix) with ESMTPA id 35871F61; Thu, 15 Nov 2018 13:24:50 -0600 (CST) Received: by t430.minyard.net (Postfix, from userid 1000) id 88BBC301465; Thu, 15 Nov 2018 13:24:48 -0600 (CST) From: minyard@acm.org To: qemu-devel@nongnu.org Date: Thu, 15 Nov 2018 13:24:38 -0600 Message-Id: <20181115192446.17187-5-minyard@acm.org> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20181115192446.17187-1-minyard@acm.org> References: <20181115192446.17187-1-minyard@acm.org> X-detected-operating-system: by eggs.gnu.org: Genre and OS details not recognized. X-Received-From: 2607:f8b0:4864:20::341 Subject: [Qemu-devel] [PATCH v2 04/12] i2c: Add a length check to the SMBus write handling X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Paolo Bonzini , Corey Minyard , "Dr . David Alan Gilbert" , minyard@acm.org, "Michael S . Tsirkin" Errors-To: qemu-devel-bounces+patch=linaro.org@nongnu.org Sender: "Qemu-devel" From: Corey Minyard Avoid an overflow. Signed-off-by: Corey Minyard --- hw/i2c/smbus_slave.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) -- 2.17.1 Reviewed-by: Peter Maydell diff --git a/hw/i2c/smbus_slave.c b/hw/i2c/smbus_slave.c index 83ca041b5d..fa988919d8 100644 --- a/hw/i2c/smbus_slave.c +++ b/hw/i2c/smbus_slave.c @@ -182,7 +182,11 @@ static int smbus_i2c_send(I2CSlave *s, uint8_t data) switch (dev->mode) { case SMBUS_WRITE_DATA: DPRINTF("Write data %02x\n", data); - dev->data_buf[dev->data_len++] = data; + if (dev->data_len >= sizeof(dev->data_buf)) { + BADF("Too many bytes sent\n"); + } else { + dev->data_buf[dev->data_len++] = data; + } break; default: