[PATCH v2 2/2] hw/smbios: Fix port connector option validation

Akihiko Odaki posted 2 patches 10 months ago
Maintainers: "Michael S. Tsirkin" <mst@redhat.com>, Igor Mammedov <imammedo@redhat.com>, Ani Sinha <anisinha@redhat.com>
Posted by Akihiko Odaki 10 months ago
qemu_smbios_type8_opts did not have the list terminator and that
resulted in out-of-bound memory access. It also needs to have an element
for the type option.

Cc: qemu-stable@nongnu.org
Fixes: fd8caa253c56 ("hw/smbios: support for type 8 (port connector)")
Signed-off-by: Akihiko Odaki <akihiko.odaki@daynix.com>
Reviewed-by: Michael Tokarev <mjt@tls.msk.ru>
---
 hw/smbios/smbios.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/hw/smbios/smbios.c b/hw/smbios/smbios.c
index 522ed1ed9fe3..8a44d3f271de 100644
--- a/hw/smbios/smbios.c
+++ b/hw/smbios/smbios.c
@@ -346,6 +346,11 @@ static const QemuOptDesc qemu_smbios_type4_opts[] = {
 };
 
 static const QemuOptDesc qemu_smbios_type8_opts[] = {
+    {
+        .name = "type",
+        .type = QEMU_OPT_NUMBER,
+        .help = "SMBIOS element type",
+    },
     {
         .name = "internal_reference",
         .type = QEMU_OPT_STRING,
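
Review bot: The new "type" entry at the top of qemu_smbios_type8_opts is justified in the commit message only by "It also needs to have an element for the type option", which does not say what fails without it. Please state the symptom (presumably validation rejecting the "type" option once the list is properly terminated), and consider adding a test that runs a type 8 option set through validation, since the diffstat shows only hw/smbios/smbios.c changing.
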
@@ -366,6 +371,7 @@ static const QemuOptDesc qemu_smbios_type8_opts[] = {
         .type = QEMU_OPT_NUMBER,
         .help = "port type",
     },
+    { /* end of list */ }
 };
 
 static const QemuOptDesc qemu_smbios_type11_opts[] = {
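
Review bot: The { /* end of list */ } entry after the "port type" element repairs this one table, but nothing in the visible lines prevents the same omission in the next descriptor array added to the file. It is worth confirming that qemu_smbios_type4_opts, qemu_smbios_type11_opts and the other option tables in hw/smbios/smbios.c all close with the same terminator, and saying in the commit message how the out-of-bounds access was observed, so that the qemu-stable backport can be judged.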

-- 
2.43.0
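
The two defects named in the commit message (no "type" entry, no list terminator), reproduced as a stand-alone C example added here; it is not QEMU code. `OptDesc`, `opt_known`, `table_terminated` and `validate_opt` are hypothetical names, and both tables are constructed for illustration.

```c
#include <string.h>

#define ARRAY_LEN(a) (sizeof(a) / sizeof((a)[0]))

/* Hypothetical stand-in for a descriptor entry; not QEMU's QemuOptDesc. */
typedef struct { const char *name; /* NULL ends the list */ } OptDesc;

/* Pre-fix shape (constructed): no "type" entry and no terminator. */
static const OptDesc before_fix[] = {
    { .name = "internal_reference" },
};

/* Post-fix shape (constructed): "type" added, list closed by a zero entry. */
static const OptDesc after_fix[] = {
    { .name = "type" },
    { .name = "internal_reference" },
    { 0 } /* end of list */
};

/* Sentinel walk: only safe when the table really ends with a NULL name. */
static int opt_known(const OptDesc *desc, const char *name)
{
    for (; desc->name != NULL; desc++) {
        if (strcmp(desc->name, name) == 0) {
            return 1;
        }
    }
    return 0;
}

/* Audit helper: does the last array slot carry the terminator? */
static int table_terminated(const OptDesc *desc, size_t len)
{
    return len > 0 && desc[len - 1].name == NULL;
}

/* Validate one option name, refusing to walk an unterminated table. */
static int validate_opt(const OptDesc *desc, size_t len, const char *name)
{
    if (!table_terminated(desc, len)) {
        return -1;  /* table defect: a sentinel walk would run off the array */
    }
    return opt_known(desc, name);
}

int main(void)
{
    return validate_opt(after_fix, ARRAY_LEN(after_fix), "type") == 1 ? 0 : 1;
}
```

`table_terminated` only works where the array's size is still known, so a check like this belongs next to the table definition (for example in a startup self-test), not in code that receives a bare pointer.
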
Re: [PATCH v2 2/2] hw/smbios: Fix port connector option validation
Posted by Ani Sinha 10 months ago

> On 29-Jan-2024, at 13:33, Akihiko Odaki <akihiko.odaki@daynix.com> wrote:
> 
> qemu_smbios_type8_opts did not have the list terminator and that
> resulted in out-of-bound memory access. It also needs to have an element
> for the type option.
> 
> Cc: qemu-stable@nongnu.org
> Fixes: fd8caa253c56 ("hw/smbios: support for type 8 (port connector)")
> Signed-off-by: Akihiko Odaki <akihiko.odaki@daynix.com>
> Reviewed-by: Michael Tokarev <mjt@tls.msk.ru>

Reviewed-by: Ani Sinha <anisinha@redhat.com>

> ---
> hw/smbios/smbios.c | 6 ++++++
> 1 file changed, 6 insertions(+)
> 
> diff --git a/hw/smbios/smbios.c b/hw/smbios/smbios.c
> index 522ed1ed9fe3..8a44d3f271de 100644
> --- a/hw/smbios/smbios.c
> +++ b/hw/smbios/smbios.c
> @@ -346,6 +346,11 @@ static const QemuOptDesc qemu_smbios_type4_opts[] = {
> };
> 
> static const QemuOptDesc qemu_smbios_type8_opts[] = {
> +    {
> +        .name = "type",
> +        .type = QEMU_OPT_NUMBER,
> +        .help = "SMBIOS element type",
> +    },
>     {
>         .name = "internal_reference",
>         .type = QEMU_OPT_STRING,
> @@ -366,6 +371,7 @@ static const QemuOptDesc qemu_smbios_type8_opts[] = {
>         .type = QEMU_OPT_NUMBER,
>         .help = "port type",
>     },
> +    { /* end of list */ }
> };
> 
> static const QemuOptDesc qemu_smbios_type11_opts[] = {
> 
> -- 
> 2.43.0
>