sdhci.c: Limit the maximum block size
It is possible for the guest to set an invalid block size which is larger then the fifo_buffer[] array. This could cause a buffer overflow. To avoid this limit the maximum size of the blksize variable. Signed-off-by:Alistair Francis <alistair.francis@xilinx.com> Reported-by:
Intel Security ATR <secure@intel.com> Reviewed-by:
Stefan Hajnoczi <stefanha@redhat.com> Reviewed-by:
Peter Crosthwaite <crosthwaite.peter@gmail.com> Message-id: abe4c51f513290bbb85d1ee271cb1a3d463d7561.1444067470.git.alistair.francis@xilinx.com Suggested-by:
Igor Mitsyanko <i.mitsyanko@gmail.com> Reported-by:
Intel Security ATR <secure@intel.com> Reviewed-by:
Stefan Hajnoczi <stefanha@redhat.com> Signed-off-by:
Stefan Hajnoczi <stefanha@redhat.com>
Please register or sign in to comment