qemu-cr16

History

Cédric Le Goater d4c6c60993 hw/adc: Fix out-of-bounds write in Aspeed ADC model The 'regs' array has ASPEED_ADC_NR_REGS (52) elements, while the memory region covers offsets 0x00-0xFC. The aspeed_adc_engine_write() function has an out-of-bounds write vulnerability when accessing unimplemented registers. Fix this by using 'return' instead of 'break' in the default case, which prevents execution from reaching the s->regs[reg] assignment for unimplemented registers. Reported-by: Elhrj Saad <saadelhrj@gmail.com> Fixes: `5857974d5d` ("hw/adc: Add basic Aspeed ADC model") Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Link: https://lore.kernel.org/qemu-devel/20260126141820.719492-1-clg@redhat.com Signed-off-by: Cédric Le Goater <clg@redhat.com> (cherry picked from commit 4c6521296d2b6820ab1f8c59d3a80cd0c138b2d8) Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>		2026-02-06 00:02:27 +03:00
..
aspeed_adc.c	hw/adc: Fix out-of-bounds write in Aspeed ADC model	2026-02-06 00:02:27 +03:00
Kconfig	hw/adc: Remove MAX111X device	2024-10-15 15:16:17 +01:00
meson.build	hw/adc: Remove MAX111X device	2024-10-15 15:16:17 +01:00
npcm7xx_adc.c	qom: Have class_init() take a const data argument	2025-04-25 17:00:41 +02:00
stm32f2xx_adc.c	qom: Have class_init() take a const data argument	2025-04-25 17:00:41 +02:00
trace-events	hw/adc: Add basic Aspeed ADC model	2021-10-12 08:20:08 +02:00
trace.h	hw/adc: Add an ADC module for NPCM7XX	2021-01-12 21:19:02 +00:00
zynq-xadc.c	qom: Have class_init() take a const data argument	2025-04-25 17:00:41 +02:00