subject:"\[PATCH v1 02\/22\] hw\/misc\/aspeed_hace\: Fix buffer overflow in has_padding function"

Re: [PATCH v1 02/22] hw/misc/aspeed_hace: Fix buffer overflow in has_padding function

2025-03-22 Thread Cédric Le Goater

On 3/21/25 10:47, Jamin Lin wrote: Hi Cedric, Subject: [PATCH v1 02/22] hw/misc/aspeed_hace: Fix buffer overflow in has_padding function The maximum padding size is either 64 or 128 bytes and should always be smaller than "req_len". If "padding_size" exceeds &quo

[PATCH v1 02/22] hw/misc/aspeed_hace: Fix buffer overflow in has_padding function

2025-03-22 Thread Jamin Lin via

The maximum padding size is either 64 or 128 bytes and should always be smaller than "req_len". If "padding_size" exceeds "req_len", then "req_len - padding_size" underflows due to "uint32_t" data type, leading to a large incorrect value (e.g., `0xFFXX`). This causes an out-of-bounds memory acc

RE: [PATCH v1 02/22] hw/misc/aspeed_hace: Fix buffer overflow in has_padding function

2025-03-21 Thread Jamin Lin

Hi Cedric, > Subject: [PATCH v1 02/22] hw/misc/aspeed_hace: Fix buffer overflow in > has_padding function > > The maximum padding size is either 64 or 128 bytes and should always be > smaller than "req_len". If "padding_size" exceeds "req_len", then