diff options
author | Philippe Mathieu-Daudé <f4bug@amsat.org> | 2020-09-13 13:18:52 +0200 |
---|---|---|
committer | Philippe Mathieu-Daudé <f4bug@amsat.org> | 2020-10-21 13:34:04 +0200 |
commit | 1bd6fd8ed5933bfba53e5f5eadebd845094c3707 (patch) | |
tree | c2dc09ff8cb728a89cdbb3bab8dd5131657ae04f | |
parent | c8c8b3f1c179e1b8d21c2e636dc893ebfc522874 (diff) |
hw/sd/sdcard: Do not attempt to erase out of range addresses
While the Spec v3 is not very clear, v6 states:
If the host provides an out of range address as an argument
to CMD32 or CMD33, the card shall indicate OUT_OF_RANGE error
in R1 (ERX) for CMD38.
If an address is out of range, do not attempt to erase it:
return R1 with the error bit set.
Buglink: https://bugs.launchpad.net/qemu/+bug/1895310
Reported-by: Alexander Bulekov <alxndr@bu.edu>
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Tested-by: Alexander Bulekov <alxndr@bu.edu>
Message-Id: <20201015063824.212980-6-f4bug@amsat.org>
-rw-r--r-- | hw/sd/sd.c | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/hw/sd/sd.c b/hw/sd/sd.c index ee7b64023a..4454d168e2 100644 --- a/hw/sd/sd.c +++ b/hw/sd/sd.c @@ -766,6 +766,13 @@ static void sd_erase(SDState *sd) erase_end *= 512; } + if (sd->erase_start > sd->size || sd->erase_end > sd->size) { + sd->card_status |= OUT_OF_RANGE; + sd->erase_start = INVALID_ADDRESS; + sd->erase_end = INVALID_ADDRESS; + return; + } + erase_start = sd_addr_to_wpnum(erase_start); erase_end = sd_addr_to_wpnum(erase_end); sd->erase_start = INVALID_ADDRESS; |