Re: [PATCH] fdc: check drive block device before usage (CVE-2021-20196)

2021-05-19 Thread P J P
Hello John, +-- On Tue, 18 May 2021, John Snow wrote --+ | Annotated: | | # fdctrl->cur_drv starts at 0x00 | # fdctrl->dor starts at 0x0c (DMA, RESET#) | # fdctrl->dsr starts at 0x00 | | > outb 0x3f2 0x04 | fdc_ioport_write write reg 0x02 [DOR] Digital Output Register val 0x04 | DOR changed

Re: [PATCH] fdc: check drive block device before usage (CVE-2021-20196)

2021-05-18 Thread John Snow
On 5/18/21 5:01 AM, P J P wrote: Hello John, +-- On Mon, 17 May 2021, John Snow wrote --+ | > /* Selected drive */ | > -fdctrl->cur_drv = value & FD_DOR_SELMASK; | > +if (fdctrl->drives[value & FD_DOR_SELMASK].blk) { | > +fdctrl->cur_drv = value & FD_DOR_SELMASK; | > +

Re: [PATCH] fdc: check drive block device before usage (CVE-2021-20196)

2021-05-18 Thread P J P
Hello John, +-- On Mon, 17 May 2021, John Snow wrote --+ | > /* Selected drive */ | > -fdctrl->cur_drv = value & FD_DOR_SELMASK; | > +if (fdctrl->drives[value & FD_DOR_SELMASK].blk) { | > +fdctrl->cur_drv = value & FD_DOR_SELMASK; | > +} | | I don't think this is corre

Re: [PATCH] fdc: check drive block device before usage (CVE-2021-20196)

2021-05-17 Thread John Snow
On 1/23/21 5:03 AM, P J P wrote: From: Prasad J Pandit While processing ioport command in 'fdctrl_write_dor', device controller may select a drive which is not initialised with a block device. This may result in a NULL pointer dereference. Add checks to avoid it. Fixes: CVE-2021-20196 Reported

Re: [PATCH] fdc: check drive block device before usage (CVE-2021-20196)

2021-05-17 Thread John Snow
On 1/23/21 12:52 PM, Alexander Bulekov wrote: On 210123 1247, Alexander Bulekov wrote: Hello, Here is a reproducer for this bug found by the OSS-Fuzz fuzzer: cat << EOF | qemu-system-i386 -display none -machine accel=qtest \ -m 512M -machine pc -device floppy,unit=1,id=floppy0,drive=disk0 \ -dr

Re: [PATCH] fdc: check drive block device before usage (CVE-2021-20196)

2021-05-17 Thread Philippe Mathieu-Daudé
On 5/17/21 1:12 PM, P J P wrote: > +-- On Sat, 15 May 2021, Philippe Mathieu-Daudé wrote --+ > | This patch misses the qtest companion with the reproducer > | provided by Alexander. > > Do we need a revised patch[-series] including a qtest? OR it can be done at > merge time? Paolo usually asks f

Re: [PATCH] fdc: check drive block device before usage (CVE-2021-20196)

2021-05-17 Thread John Snow
On 5/17/21 7:12 AM, P J P wrote: +-- On Sat, 15 May 2021, Philippe Mathieu-Daudé wrote --+ | This patch misses the qtest companion with the reproducer | provided by Alexander. Do we need a revised patch[-series] including a qtest? OR it can be done at merge time? Thank you. -- - P J P 8685 54

Re: [PATCH] fdc: check drive block device before usage (CVE-2021-20196)

2021-05-17 Thread P J P
+-- On Sat, 15 May 2021, Philippe Mathieu-Daudé wrote --+ | This patch misses the qtest companion with the reproducer | provided by Alexander. Do we need a revised patch[-series] including a qtest? OR it can be done at merge time? Thank you. -- - P J P 8685 545E B54C 486B C6EB 271E E285 8B5A F0

Re: [PATCH] fdc: check drive block device before usage (CVE-2021-20196)

2021-05-15 Thread Philippe Mathieu-Daudé
On 5/14/21 9:26 PM, John Snow wrote: > On 5/14/21 3:23 PM, Thomas Huth wrote: >> On 23/01/2021 11.03, P J P wrote: >>> From: Prasad J Pandit >>> >>> While processing ioport command in 'fdctrl_write_dor', device >>> controller may select a drive which is not initialised with a >>> block device. Thi

Re: [PATCH] fdc: check drive block device before usage (CVE-2021-20196)

2021-05-14 Thread John Snow
On 5/14/21 3:23 PM, Thomas Huth wrote: On 23/01/2021 11.03, P J P wrote: From: Prasad J Pandit While processing ioport command in 'fdctrl_write_dor', device controller may select a drive which is not initialised with a block device. This may result in a NULL pointer dereference. Add checks to

Re: [PATCH] fdc: check drive block device before usage (CVE-2021-20196)

2021-05-14 Thread Thomas Huth
On 23/01/2021 11.03, P J P wrote: From: Prasad J Pandit While processing ioport command in 'fdctrl_write_dor', device controller may select a drive which is not initialised with a block device. This may result in a NULL pointer dereference. Add checks to avoid it. Fixes: CVE-2021-20196 Reporte

Re: [PATCH] fdc: check drive block device before usage (CVE-2021-20196)

2021-01-30 Thread P J P
+-- On Sat, 23 Jan 2021, P J P wrote --+ | From: Prasad J Pandit | | While processing ioport command in 'fdctrl_write_dor', device | controller may select a drive which is not initialised with a | block device. This may result in a NULL pointer dereference. | Add checks to avoid it. | | Fixes: C

Re: [PATCH] fdc: check drive block device before usage (CVE-2021-20196)

2021-01-23 Thread Alexander Bulekov
On 210123 1247, Alexander Bulekov wrote: > Hello, > Here is a reproducer for this bug found by the OSS-Fuzz fuzzer: > > cat << EOF | qemu-system-i386 -display none -machine accel=qtest \ > -m 512M -machine pc -device floppy,unit=1,id=floppy0,drive=disk0 \ > -drive id=disk0,file=null-co://,file.rea

Re: [PATCH] fdc: check drive block device before usage (CVE-2021-20196)

2021-01-23 Thread Alexander Bulekov
Hello, Here is a reproducer for this bug found by the OSS-Fuzz fuzzer: cat << EOF | qemu-system-i386 -display none -machine accel=qtest \ -m 512M -machine pc -device floppy,unit=1,id=floppy0,drive=disk0 \ -drive id=disk0,file=null-co://,file.read-zeroes=on,if=none,format=raw \ -qtest stdio outw 0x

[PATCH] fdc: check drive block device before usage (CVE-2021-20196)

2021-01-23 Thread P J P
From: Prasad J Pandit While processing ioport command in 'fdctrl_write_dor', device controller may select a drive which is not initialised with a block device. This may result in a NULL pointer dereference. Add checks to avoid it. Fixes: CVE-2021-20196 Reported-by: Gaoning Pan Buglink: https://