fuzz: check the MR in the DMA callback

We should be checking that the device is trying to read from RAM, before
filling the region with data. Otherwise, we will try to populate
nonsensical addresses in RAM for callbacks on PIO/MMIO reads. We did
this originally, however the final version I sent had the line commented
out.

Signed-off-by: Alexander Bulekov <alxndr@bu.edu>
Reviewed-by: Darren Kenny <darren.kenny@oracle.com>
Message-Id: <20201029172901.534442-3-alxndr@bu.edu>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Alexander Bulekov 2020-10-29 13:28:59 -04:00 committed by Paolo Bonzini
parent a9f67c1d51
commit cc3d99c741


@ -192,7 +192,7 @@ void fuzz_dma_read_cb(size_t addr, size_t len, MemoryRegion *mr, bool is_write)
*/
if (dma_patterns->len == 0
|| len == 0
/* || mr != MACHINE(qdev_get_machine())->ram */
|| mr != current_machine->ram
|| is_write
|| addr > current_machine->ram_size) {
return;
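Review bot: the range check on the last visible condition, `|| addr > current_machine->ram_size`, validates only the start address, so a read whose `addr` lies inside RAM but whose `len` bytes extend past `ram_size` still falls through to the fill; since `len == 0` is already rejected above, checking the end of the range instead, e.g. `|| len > current_machine->ram_size || addr > current_machine->ram_size - len`, would reject such reads without risking overflow in `addr + len`. The new `|| mr != current_machine->ram` line restores the RAM check the message says was accidentally left commented out (`/* || mr != MACHINE(qdev_get_machine())->ram */`), and dropping the stale comment rather than keeping it next to the live condition is the right choice.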