hw/sd/sdcard: Assert if accessing an illegal group

We can not have more group than 'wpgrps_size'. Assert if we are accessing a group above this limit. Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Tested-by: Alexander Bulekov <alxndr@bu.edu> Message-Id: <20201015063824.212980-7-f4bug@amsat.org>
author: Philippe Mathieu-Daudé <f4bug@amsat.org> 2020-09-18 19:14:52 +0200
committer: Philippe Mathieu-Daudé <f4bug@amsat.org> 2020-10-21 13:34:27 +0200
commit: 84816fb63e5c57159b469a66052d1b2bc862ef77 (patch)
tree: 6edf47b44d24dac80d1adc6aeb5915d01411ee7e
parent: 1bd6fd8ed5933bfba53e5f5eadebd845094c3707 (diff)
download: qemu-84816fb63e5c57159b469a66052d1b2bc862ef77.zip
1 files changed, 2 insertions, 0 deletions
diff --git a/hw/sd/sd.c b/hw/sd/sd.c
index 4454d168e2..c3febed243 100644
--- a/hw/sd/sd.c
+++ b/hw/sd/sd.c
@@ -780,6 +780,7 @@ static void sd_erase(SDState *sd)
     sd->csd[14] |= 0x40;
 
     for (i = erase_start; i <= erase_end; i++) {
+        assert(i < sd->wpgrps_size);
         if (test_bit(i, sd->wp_groups)) {
             sd->card_status |= WP_ERASE_SKIP;
         }
@@ -794,6 +795,7 @@ static uint32_t sd_wpbits(SDState *sd, uint64_t addr)
     wpnum = sd_addr_to_wpnum(addr);
 
     for (i = 0; i < 32; i++, wpnum++, addr += WPGROUP_SIZE) {
+        assert(wpnum < sd->wpgrps_size);
         if (addr < sd->size && test_bit(wpnum, sd->wp_groups)) {
             ret |= (1 << i);
         }
author	Philippe Mathieu-Daudé <f4bug@amsat.org>	2020-09-18 19:14:52 +0200
committer	Philippe Mathieu-Daudé <f4bug@amsat.org>	2020-10-21 13:34:27 +0200
commit	84816fb63e5c57159b469a66052d1b2bc862ef77 (patch)
tree	6edf47b44d24dac80d1adc6aeb5915d01411ee7e
parent	1bd6fd8ed5933bfba53e5f5eadebd845094c3707 (diff)
download	qemu-84816fb63e5c57159b469a66052d1b2bc862ef77.zip