> -Original Message-
> From: Peter Maydell [mailto:peter.mayd...@linaro.org]
> Sent: Tuesday, November 10, 2020 11:30 PM
> To: Chenqun (kuhn)
> Cc: QEMU Developers ; QEMU Trivial
> ; Yoshinori Sato ;
> Zhanghailiang ; ganqixin
> ; Euler Robot
> Subject: Re
On Thu, 5 Nov 2020 at 07:08, Chen Qun wrote:
>
> When 'j = icu->nr_sense - 1', the 'j < icu->nr_sense' condition is true,
> then 'j = icu->nr_sense', the 'icu->init_sense[j]' has out-of-bounds access.
Yes, this is a bug...
> Maybe this could lead to some security problems.
...but it's not a secu
> To: qemu-devel@nongnu.org; qemu-triv...@nongnu.org
> Cc: Zhanghailiang ; ganqixin
> ; Chenqun (kuhn) ;
> Euler Robot ; Yoshinori Sato
>
> Subject: [PATCH] hw/intc: fix heap-buffer-overflow in rxicu_realize()
>
> When 'j = icu->nr_sense - 1', the 'j <
When 'j = icu->nr_sense - 1', the 'j < icu->nr_sense' condition is true,
then 'j = icu->nr_sense', the 'icu->init_sense[j]' has out-of-bounds access.
Maybe this could lead to some security problems.
The asan showed stack:
ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60404d7d at pc
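The off-by-one described in the patch text above, as an added example that is not QEMU's rx_icu.c: a constructed model of the loop shape the description implies (j walks init_sense[] while i walks all IRQs), with the unfixed advance condition 'j < nr_sense' beside the bounded one, and a counting bounds check standing in for the read AddressSanitizer reports. NR_IRQS, read_sense and assign_sense are assumed names for this example.

```c
#include <stdint.h>
#include <stddef.h>

/* Constructed model (not the project's code): init_sense[] lists, in
 * ascending order, the IRQ numbers that are edge-triggered; nr_sense is
 * its length and is assumed to be at least 1. */
#define NR_IRQS 8

enum { TRG_LEVEL = 0, TRG_NEGEDGE = 1 };

/* Bounds-checked read: counts the out-of-bounds access instead of
 * performing it, so a test can observe what ASan would flag as
 * heap-buffer-overflow. */
static int read_sense(const uint8_t *init_sense, int nr_sense, int j,
                      int *oob_reads)
{
    if (j >= nr_sense) {
        (*oob_reads)++;
        return -1;          /* sentinel: never equal to a valid IRQ number */
    }
    return init_sense[j];
}

/* fixed == 0: advance j while 'j < nr_sense', so j reaches nr_sense and
 *             the next iteration reads init_sense[nr_sense] (the bug);
 * fixed == 1: advance j only while 'j < nr_sense - 1', so j stays a
 *             valid index for the whole loop.
 * Returns the number of out-of-bounds reads observed. */
static int assign_sense(const uint8_t *init_sense, int nr_sense,
                        uint8_t *sense, int fixed)
{
    int i, j, oob_reads = 0;
    int limit = fixed ? nr_sense - 1 : nr_sense;

    for (i = j = 0; i < NR_IRQS; i++) {
        if (read_sense(init_sense, nr_sense, j, &oob_reads) == i) {
            sense[i] = TRG_NEGEDGE;
            if (j < limit) {
                j++;
            }
        } else {
            sense[i] = TRG_LEVEL;
        }
    }
    return oob_reads;
}
```

With a constructed table of two edge-triggered IRQs (1 and 3), the unfixed loop reads past the end once per remaining IRQ, while the bounded loop produces the same sense table with no out-of-bounds read.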