a327e9e928
esp: always check current_req is not NULL before use in DMA callbacks Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> Signed-off-by: imxcc <xingchaochao@huawei.com>
31 lines
856 B
Diff
31 lines
856 B
Diff
From dc8416b55d69e70912acd2364494a490b02e3198 Mon Sep 17 00:00:00 2001
|
|
From: imxcc <xingchaochao@huawei.com>
|
|
Date: Mon, 21 Jun 2021 17:15:39 +0800
|
|
Subject: [PATCH] fix cve-2020-35504
|
|
|
|
esp: always check current_req is not NULL before use in DMA callbacks
|
|
|
|
Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
|
|
Signed-off-by: imxcc <xingchaochao@huawei.com>
|
|
---
|
|
hw/scsi/esp.c | 3 +++
|
|
1 file changed, 3 insertions(+)
|
|
|
|
diff --git a/hw/scsi/esp.c b/hw/scsi/esp.c
|
|
index 7508d035ca..d1f13b350e 100644
|
|
--- a/hw/scsi/esp.c
|
|
+++ b/hw/scsi/esp.c
|
|
@@ -253,6 +253,9 @@ static void esp_do_dma(ESPState *s)
|
|
s->dma_memory_read(s->dma_opaque, &s->cmdbuf[s->cmdlen], len);
|
|
return;
|
|
}
|
|
+ if (!s->current_req) {
|
|
+ return;
|
|
+ }
|
|
if (s->async_len == 0) {
|
|
/* Defer until data is available. */
|
|
return;
|
|
--
|
|
2.27.0
|
|
|