m25p80: don't let rogue SPI controllers cause buffer overruns
authorJean-Christophe Dubois <jcd@tribudubois.net>
Mon, 9 Jan 2017 11:40:23 +0000 (11:40 +0000)
committerPeter Maydell <peter.maydell@linaro.org>
Mon, 9 Jan 2017 11:40:23 +0000 (11:40 +0000)
commit24cb2e0d57cea0cbc163f23fa47d530b35425a21
tree43a73f13f9bb22940a818e9e863f2bc66cd0015c
parent8dd845d3c434cf2c799e0f86a1b53b33057b61ab
m25p80: don't let rogue SPI controllers cause buffer overruns

In normal operation we should never attempt to put more
data into the data[] array than it can hold. However if the
SPI controller connected to us misbehaves then it can send
us a sequence of commands that attempt this. Since the
controller might be in the guest (if the hardware does SPI
via bit-banging), catch the possible overrun conditions and
reset the flash internal state, logging them as guest errors.

Signed-off-by: Jean-Christophe Dubois <jcd@tribudubois.net>
Message-id: 20170107111631.24444-1-jcd@tribudubois.net
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
[PMM: rewrote commit message to be more exact about when
 this can happen]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
hw/block/m25p80.c