Re: [Qemu-devel] [PATCH] scsi: Allocate SCSITargetReq r->buf dynamically

2013-10-08 Thread Michael Roth
Quoting Asias He (2013-10-08 03:43:37) > r->buf is hardcoded to 2056 which is (256 + 1) * 8, allowing 256 luns at > most. If more than 256 luns are specified by user, we have buffer > overflow in scsi_target_emulate_report_luns. > > To fix, we allocate the buffer dynamically. > > Signed-off-by: A

[Qemu-devel] [PATCH] scsi: Allocate SCSITargetReq r->buf dynamically

2013-10-08 Thread Asias He
r->buf is hardcoded to 2056 which is (256 + 1) * 8, allowing 256 luns at most. If more than 256 luns are specified by user, we have buffer overflow in scsi_target_emulate_report_luns. To fix, we allocate the buffer dynamically. Signed-off-by: Asias He --- hw/scsi/scsi-bus.c | 44 +++