diff options
author | Philippe Mathieu-Daudé <f4bug@amsat.org> | 2020-09-18 19:14:52 +0200 |
---|---|---|
committer | Philippe Mathieu-Daudé <f4bug@amsat.org> | 2020-10-21 13:34:27 +0200 |
commit | 84816fb63e5c57159b469a66052d1b2bc862ef77 (patch) | |
tree | 6edf47b44d24dac80d1adc6aeb5915d01411ee7e /hw/sd/sd.c | |
parent | 1bd6fd8ed5933bfba53e5f5eadebd845094c3707 (diff) |
hw/sd/sdcard: Assert if accessing an illegal group
We can not have more group than 'wpgrps_size'.
Assert if we are accessing a group above this limit.
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Tested-by: Alexander Bulekov <alxndr@bu.edu>
Message-Id: <20201015063824.212980-7-f4bug@amsat.org>
Diffstat (limited to 'hw/sd/sd.c')
-rw-r--r-- | hw/sd/sd.c | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/hw/sd/sd.c b/hw/sd/sd.c index 4454d168e2..c3febed243 100644 --- a/hw/sd/sd.c +++ b/hw/sd/sd.c @@ -780,6 +780,7 @@ static void sd_erase(SDState *sd) sd->csd[14] |= 0x40; for (i = erase_start; i <= erase_end; i++) { + assert(i < sd->wpgrps_size); if (test_bit(i, sd->wp_groups)) { sd->card_status |= WP_ERASE_SKIP; } @@ -794,6 +795,7 @@ static uint32_t sd_wpbits(SDState *sd, uint64_t addr) wpnum = sd_addr_to_wpnum(addr); for (i = 0; i < 32; i++, wpnum++, addr += WPGROUP_SIZE) { + assert(wpnum < sd->wpgrps_size); if (addr < sd->size && test_bit(wpnum, sd->wp_groups)) { ret |= (1 << i); } |