Re: [PATCH] ide:atapi: check io_buffer_index in ide_atapi_cmd_reply_end
se { dma_buf_read(s->data_ptr, size, &s->sg);//##11# both can be reached } } } s->data_ptr can be a value out of range, so base on ad->cur_cmd->opts, ##10## ##11## can be OOB read or OOB write. OOB read: obtain the leaked information, whi
Re: [PATCH] ide:atapi: check io_buffer_index in ide_atapi_cmd_reply_end
size = (s->cd_sector_size - s->io_buffer_index); <- } } Wenxiang Qian 于2020年12月11日周五 下午4:23写道: > Hello, > > I may not have made the detail clear in my previous email. The details of > the AHCI device, after running the reproducer I attached in my report are >
