git.ipfire.org Git - thirdparty/qemu.git/commit

author	Dmitry Frolov <frolov@swemel.ru>
	Tue, 19 Sep 2023 10:19:25 +0000 (11:19 +0100)
committer	Michael Tokarev <mjt@tls.msk.ru>
	Mon, 2 Oct 2023 23:00:54 +0000 (02:00 +0300)
commit	f59caeca76795341cd1e82575c79bb4a9218650d
tree	a569a2ed3724838e81752dbc8fff6ed0e75f8e87	tree
parent	6970f5ba0e7785b4726509e119a30eeb50cc207c	commit \| diff

hw/cxl: Fix out of bound array access

According to cxl_interleave_ways_enc(), fw->num_targets is allowed to be up
to 16. This also corresponds to CXL r3.0 spec. So, the fw->target_hbs[]
array is iterated from 0 to 15. But it is statically declared of length 8.
Thus, out of bound array access may occur.

Fixes: c28db9e000 ("hw/pci-bridge: Make PCIe and CXL PXB Devices inherit from TYPE_PXB_DEV")
Signed-off-by: Dmitry Frolov <frolov@swemel.ru>
Reviewed-by: Michael Tokarev <mjt@tls.msk.ru>
Link: https://lore.kernel.org/r/20230913101055.754709-1-frolov@swemel.ru
Cc: qemu-stable@nongnu.org
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
(cherry picked from commit de5bbfc602ef1b9b79c494a914c6083a1a23cca2)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>